.net Framework@2.0 Security Vulnerabilities and Issues — .net Framework@2.0 CVE List

Lucene search

Microsoft.net Framework2.0

121 matches found

CVE•added 2017/09/13 1:29 a.m.•1297 views

CVE-2017-8759

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

9.3CVSS7.5AI score0.93762EPSS

CVE•added 2020/07/14 11:15 p.m.•1271 views

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

7.8CVSS8.1AI score0.92846EPSS

CVE•added 2024/01/09 6:15 p.m.•576 views

CVE-2024-0056

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

8.7CVSS9.1AI score0.00346EPSS

CVE•added 2024/01/09 6:15 p.m.•533 views

CVE-2024-0057

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

9.8CVSS9.3AI score0.02349EPSS

CVE•added 2023/09/12 5:15 p.m.•487 views

CVE-2023-36792

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01289EPSS

CVE•added 2023/09/12 5:15 p.m.•483 views

CVE-2023-36793

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01537EPSS

CVE•added 2023/09/12 5:15 p.m.•477 views

CVE-2023-36794

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00994EPSS

CVE•added 2023/09/12 5:15 p.m.•470 views

CVE-2023-36796

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01EPSS

CVE•added 2023/09/12 5:15 p.m.•442 views

CVE-2023-36788

.NET Framework Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00281EPSS

CVE•added 2024/03/23 12:15 a.m.•364 views

CVE-2024-29059

.NET Framework Information Disclosure Vulnerability

7.5CVSS7.3AI score0.93675EPSS

CVE•added 2020/08/17 7:15 p.m.•345 views

CVE-2020-1046

A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web ...

9.3CVSS8.3AI score0.09677EPSS

CVE•added 2019/07/15 7:15 p.m.•271 views

CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

7.5CVSS7.8AI score0.03045EPSS

CVE•added 2023/11/14 6:15 p.m.•240 views

CVE-2023-36560

ASP.NET Security Feature Bypass Vulnerability

8.8CVSS8.5AI score0.0417EPSS

CVE•added 2014/10/15 10:55 a.m.•232 views

CVE-2014-4073

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."

10CVSS7.4AI score0.29986EPSS

CVE•added 2023/11/14 9:15 p.m.•232 views

CVE-2023-36049

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

9.8CVSS8.7AI score0.03285EPSS

CVE•added 2022/12/13 7:15 p.m.•221 views

CVE-2022-41089

.NET Framework Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.08927EPSS

CVE•added 2022/05/10 9:15 p.m.•215 views

CVE-2022-30130

.NET Framework Denial of Service Vulnerability

5.5CVSS4AI score0.0111EPSS

CVE•added 2019/05/16 7:29 p.m.•214 views

CVE-2019-0820

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

7.5CVSS7.2AI score0.03188EPSS

CVE•added 2020/05/21 11:15 p.m.•214 views

CVE-2020-1108

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

7.5CVSS7.3AI score0.02352EPSS

CVE•added 2019/07/15 7:15 p.m.•200 views

CVE-2019-1083

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.

7.5CVSS7.2AI score0.10562EPSS

CVE•added 2020/08/17 7:15 p.m.•192 views

CVE-2020-1476

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.To exploit this vulnerability, an attacker would need to send ...

5.5CVSS7.1AI score0.01084EPSS

CVE•added 2014/10/15 10:55 a.m.•183 views

CVE-2014-4121

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET ...

10CVSS8.3AI score0.4252EPSS

CVE•added 2020/10/16 11:15 p.m.•182 views

CVE-2020-16937

<p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.</p><p>To exploit the vulnerability, an authenticated attacker would need t...

5.5CVSS5.8AI score0.07537EPSS

CVE•added 2019/07/29 2:9 p.m.•180 views

CVE-2019-1113

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.

8.8CVSS8.3AI score0.27594EPSS

CVE•added 2013/10/09 2:53 p.m.•176 views

CVE-2013-3861

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."

7.8CVSS6.5AI score0.77062EPSS

CVE•added 2012/04/10 9:55 p.m.•175 views

CVE-2012-0163

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framewor...

9.3CVSS9.5AI score0.55802EPSS

CVE•added 2023/02/14 8:15 p.m.•174 views

CVE-2023-21722

.NET Framework Denial of Service Vulnerability

5CVSS5.3AI score0.00305EPSS

CVE•added 2023/08/08 7:15 p.m.•173 views

CVE-2023-36899

ASP.NET Elevation of Privilege Vulnerability

8.8CVSS8.6AI score0.59432EPSS

CVE•added 2018/05/09 7:29 p.m.•172 views

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4....

7.5CVSS7.2AI score0.05916EPSS

CVE•added 2019/05/16 7:29 p.m.•171 views

CVE-2019-0980

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.

7.5CVSS7.3AI score0.03188EPSS

CVE•added 2013/01/09 6:9 p.m.•169 views

CVE-2013-0002

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that l...

9.3CVSS7.8AI score0.58748EPSS

CVE•added 2024/07/09 5:15 p.m.•164 views

CVE-2024-38081

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.3CVSS7.2AI score0.0018EPSS

CVE•added 2019/05/16 7:29 p.m.•161 views

CVE-2019-0981

7.5CVSS7.3AI score0.03188EPSS

CVE•added 2023/06/14 3:15 p.m.•160 views

CVE-2023-24895

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00925EPSS

CVE•added 2010/09/22 7:0 p.m.•156 views

CVE-2010-3332

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE)...

6.4CVSS6.1AI score0.87272EPSS

CVE•added 2013/05/15 3:36 a.m.•156 views

CVE-2013-1336

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spo...

5CVSS6.5AI score0.71344EPSS

CVE•added 2018/01/10 1:29 a.m.•154 views

CVE-2018-0764

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CV...

7.5CVSS6.4AI score0.22007EPSS

CVE•added 2022/01/11 9:15 p.m.•154 views

CVE-2022-21911

.NET Framework Denial of Service Vulnerability

7.5CVSS7.5AI score0.16178EPSS

CVE•added 2023/06/14 3:15 p.m.•154 views

CVE-2023-24936

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.5CVSS7.7AI score0.01138EPSS

CVE•added 2023/06/14 3:15 p.m.•154 views

CVE-2023-29331

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

7.5CVSS7.6AI score0.01597EPSS

CVE•added 2013/01/09 6:9 p.m.•152 views

CVE-2013-0003

Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that...

9.3CVSS7.7AI score0.5886EPSS

CVE•added 2015/09/09 12:59 a.m.•152 views

CVE-2015-2504

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a craf...

9.3CVSS7.7AI score0.258EPSS

CVE•added 2012/05/09 12:55 a.m.•149 views

CVE-2012-0161

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application...

9.3CVSS9.4AI score0.55229EPSS

CVE•added 2012/05/09 12:55 a.m.•146 views

CVE-2012-0160

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework S...

9.3CVSS9.4AI score0.57511EPSS

CVE•added 2012/11/14 12:55 a.m.•146 views

CVE-2012-2519

Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application,...

7.9CVSS6.3AI score0.00949EPSS

CVE•added 2013/10/09 2:53 p.m.•143 views

CVE-2013-3860

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."

7.8CVSS6.5AI score0.63818EPSS

CVE•added 2019/03/06 12:0 a.m.•143 views

CVE-2019-0657

A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.

5.9CVSS6.7AI score0.0553EPSS

CVE•added 2024/10/08 6:15 p.m.•143 views

CVE-2024-43484

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

7.5CVSS7.6AI score0.01412EPSS

CVE•added 2015/11/11 12:59 p.m.•136 views

CVE-2015-6096

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosu...

4.3CVSS6.4AI score0.32946EPSS

CVE•added 2012/06/12 10:55 p.m.•134 views

CVE-2012-1855

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerabi...

9.3CVSS7.4AI score0.47527EPSS

Total number of security vulnerabilities121