.net Framework@3.5.1 Security Vulnerabilities and Issues — .net Framework@3.5.1 CVE List

Lucene search

Microsoft.net Framework3.5.1

121 matches found

CVE•added 2020/01/14 11:15 p.m.•1383 views

CVE-2020-0646

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

10CVSS9.7AI score0.93121EPSS

CVE•added 2017/09/13 1:29 a.m.•1297 views

CVE-2017-8759

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

9.3CVSS7.5AI score0.93762EPSS

CVE•added 2020/07/14 11:15 p.m.•1271 views

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

7.8CVSS8.1AI score0.92846EPSS

CVE•added 2015/05/13 10:59 a.m.•1028 views

CVE-2015-1671

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Develo...

9.3CVSS7.3AI score0.74124EPSS

CVE•added 2023/09/12 5:15 p.m.•487 views

CVE-2023-36792

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01289EPSS

CVE•added 2023/09/12 5:15 p.m.•483 views

CVE-2023-36793

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01537EPSS

CVE•added 2023/09/12 5:15 p.m.•477 views

CVE-2023-36794

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00994EPSS

CVE•added 2023/09/12 5:15 p.m.•470 views

CVE-2023-36796

Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.01EPSS

CVE•added 2023/09/12 5:15 p.m.•442 views

CVE-2023-36788

.NET Framework Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00281EPSS

CVE•added 2024/03/23 12:15 a.m.•364 views

CVE-2024-29059

.NET Framework Information Disclosure Vulnerability

7.5CVSS7.3AI score0.93675EPSS

CVE•added 2020/08/17 7:15 p.m.•345 views

CVE-2020-1046

A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web ...

9.3CVSS8.3AI score0.09677EPSS

CVE•added 2020/01/14 11:15 p.m.•276 views

CVE-2020-0605

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. ...

9.3CVSS8.8AI score0.42556EPSS

CVE•added 2019/07/15 7:15 p.m.•271 views

CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

7.5CVSS7.8AI score0.03045EPSS

CVE•added 2023/11/14 6:15 p.m.•240 views

CVE-2023-36560

ASP.NET Security Feature Bypass Vulnerability

8.8CVSS8.5AI score0.0417EPSS

CVE•added 2014/10/15 10:55 a.m.•232 views

CVE-2014-4073

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."

10CVSS7.4AI score0.29986EPSS

CVE•added 2023/11/14 9:15 p.m.•232 views

CVE-2023-36049

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

9.8CVSS8.7AI score0.03285EPSS

CVE•added 2022/12/13 7:15 p.m.•221 views

CVE-2022-41089

.NET Framework Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.08927EPSS

CVE•added 2022/05/10 9:15 p.m.•215 views

CVE-2022-30130

.NET Framework Denial of Service Vulnerability

5.5CVSS4AI score0.0111EPSS

CVE•added 2019/05/16 7:29 p.m.•214 views

CVE-2019-0820

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

7.5CVSS7.2AI score0.03188EPSS

CVE•added 2020/05/21 11:15 p.m.•214 views

CVE-2020-1108

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

7.5CVSS7.3AI score0.02352EPSS

CVE•added 2019/07/15 7:15 p.m.•200 views

CVE-2019-1083

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.

7.5CVSS7.2AI score0.10562EPSS

CVE•added 2020/01/14 11:15 p.m.•194 views

CVE-2020-0606

9.3CVSS8.8AI score0.42556EPSS

CVE•added 2020/08/17 7:15 p.m.•192 views

CVE-2020-1476

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.To exploit this vulnerability, an attacker would need to send ...

5.5CVSS7.1AI score0.01084EPSS

CVE•added 2014/10/15 10:55 a.m.•183 views

CVE-2014-4121

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET ...

10CVSS8.3AI score0.4252EPSS

CVE•added 2020/10/16 11:15 p.m.•182 views

CVE-2020-16937

<p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.</p><p>To exploit the vulnerability, an authenticated attacker would need t...

5.5CVSS5.8AI score0.07537EPSS

CVE•added 2019/07/29 2:9 p.m.•180 views

CVE-2019-1113

8.8CVSS8.3AI score0.27594EPSS

CVE•added 2013/10/09 2:53 p.m.•176 views

CVE-2013-3861

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."

7.8CVSS6.5AI score0.77062EPSS

CVE•added 2012/04/10 9:55 p.m.•175 views

CVE-2012-0163

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framewor...

9.3CVSS9.5AI score0.55802EPSS

CVE•added 2023/02/14 8:15 p.m.•174 views

CVE-2023-21722

.NET Framework Denial of Service Vulnerability

5CVSS5.3AI score0.00305EPSS

CVE•added 2018/05/09 7:29 p.m.•172 views

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4....

7.5CVSS7.2AI score0.05916EPSS

CVE•added 2019/05/16 7:29 p.m.•171 views

CVE-2019-0980

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.

7.5CVSS7.3AI score0.03188EPSS

CVE•added 2013/01/09 6:9 p.m.•169 views

CVE-2013-0002

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that l...

9.3CVSS7.8AI score0.58748EPSS

CVE•added 2024/07/09 5:15 p.m.•164 views

CVE-2024-38081

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.3CVSS7.2AI score0.0018EPSS

CVE•added 2020/05/21 11:15 p.m.•163 views

CVE-2020-1066

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcti...

7.8CVSS7.5AI score0.29538EPSS

CVE•added 2019/05/16 7:29 p.m.•161 views

CVE-2019-0981

7.5CVSS7.3AI score0.03188EPSS

CVE•added 2015/12/09 11:59 a.m.•160 views

CVE-2015-6108

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and ...

9.3CVSS7.4AI score0.47364EPSS

CVE•added 2023/06/14 3:15 p.m.•160 views

CVE-2023-24895

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.00925EPSS

CVE•added 2010/09/22 7:0 p.m.•156 views

CVE-2010-3332

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE)...

6.4CVSS6.1AI score0.87272EPSS

CVE•added 2013/05/15 3:36 a.m.•156 views

CVE-2013-1336

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spo...

5CVSS6.5AI score0.71344EPSS

CVE•added 2018/01/10 1:29 a.m.•154 views

CVE-2018-0764

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CV...

7.5CVSS6.4AI score0.22007EPSS

CVE•added 2022/01/11 9:15 p.m.•154 views

CVE-2022-21911

.NET Framework Denial of Service Vulnerability

7.5CVSS7.5AI score0.16178EPSS

CVE•added 2023/06/14 3:15 p.m.•154 views

CVE-2023-24936

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.5CVSS7.7AI score0.01138EPSS

CVE•added 2023/06/14 3:15 p.m.•154 views

CVE-2023-29331

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

7.5CVSS7.6AI score0.01597EPSS

CVE•added 2013/01/09 6:9 p.m.•153 views

CVE-2013-0005

The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via cra...

7.8CVSS6.4AI score0.68306EPSS

CVE•added 2013/01/09 6:9 p.m.•152 views

CVE-2013-0003

Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that...

9.3CVSS7.7AI score0.5886EPSS

CVE•added 2013/10/09 2:53 p.m.•152 views

CVE-2013-3128

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary...

9.3CVSS7.3AI score0.52356EPSS

CVE•added 2015/09/09 12:59 a.m.•152 views

CVE-2015-2504

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a craf...

9.3CVSS7.7AI score0.258EPSS

CVE•added 2012/05/09 12:55 a.m.•149 views

CVE-2012-0161

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application...

9.3CVSS9.4AI score0.55229EPSS

CVE•added 2012/05/09 12:55 a.m.•146 views

CVE-2012-0160

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework S...

9.3CVSS9.4AI score0.57511EPSS

CVE•added 2012/11/14 12:55 a.m.•146 views

CVE-2012-2519

Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application,...

7.9CVSS6.3AI score0.00949EPSS

Total number of security vulnerabilities121