Microsoft .net Framework — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft .net Framework, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (183)
CVE-2014-1806 — CVSS 10.0 (critical): The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict…
CVE-2013-0073 — CVSS 10.0 (critical): The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the…
CVE-2014-4121 — CVSS 10.0 (critical): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers…
CVE-2008-5100 — CVSS 10.0 (critical): The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the…
CVE-2014-4073 — CVSS 10.0 (critical): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce…
CVE-2002-0369 — CVSS 10.0 (critical): Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary…
CVE-2018-8421 — CVSS 9.8 (critical): A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code…
CVE-2016-0132 — CVSS 9.8 (critical): Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of…
CVE-2018-8540 — CVSS 9.8 (critical): A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote…
CVE-2009-0091 — CVSS 9.3 (critical): Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which…
CVE-2009-2497 — CVSS 9.3 (critical): The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly…
CVE-2009-2500 — CVSS 9.3 (critical): Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2009-2501 — CVSS 9.3 (critical): Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007…
CVE-2009-2503 — CVSS 9.3 (critical): GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2009-2504 — CVSS 9.3 (critical): Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2…
CVE-2009-2528 — CVSS 9.3 (critical): GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to…
CVE-2009-3126 — CVSS 9.3 (critical): Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2010-1898 — CVSS 9.3 (critical): The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3…
CVE-2010-3228 — CVSS 9.3 (critical): The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers…
CVE-2015-6108 — CVSS 9.3 (critical): The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows…
CVE-2015-2460 — CVSS 9.3 (critical): ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1…
CVE-2014-4149 — CVSS 9.3 (critical): Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which…
CVE-2015-2456 — CVSS 9.3 (critical): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…
CVE-2015-2455 — CVSS 9.3 (critical): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…
CVE-2015-2435 — CVSS 9.3 (critical): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…
CVE-2015-1673 — CVSS 9.3 (critical): The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow…
CVE-2007-0041 — CVSS 9.3 (critical): The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to…
CVE-2007-0043 — CVSS 9.3 (critical): The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows…
CVE-2009-0090 — CVSS 9.3 (critical): Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to…
CVE-2013-0004 — CVSS 9.3 (critical): Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects…
CVE-2015-2481 — CVSS 9.3 (critical): The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote…
CVE-2015-2480 — CVSS 9.3 (critical): The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote…
CVE-2013-3128 — CVSS 9.3 (critical): The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2…
CVE-2013-3131 — CVSS 9.3 (critical): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data…
CVE-2013-3132 — CVSS 9.3 (critical): Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use…
CVE-2013-3133 — CVSS 9.3 (critical): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which…
CVE-2013-3134 — CVSS 9.3 (critical): The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly…
CVE-2013-3171 — CVSS 9.3 (critical): The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the…
CVE-2015-2479 — CVSS 9.3 (critical): The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote…
CVE-2014-0257 — CVSS 9.3 (critical): Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute…
CVE-2015-2464 — CVSS 9.3 (critical): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…
CVE-2015-2463 — CVSS 9.3 (critical): Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2…
CVE-2015-2462 — CVSS 9.3 (critical): ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1…
CVE-2010-3958 — CVSS 9.3 (critical): The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows…
CVE-2011-0664 — CVSS 9.3 (critical): Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly…
CVE-2011-1253 — CVSS 9.3 (critical): Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict…
CVE-2004-0200 — CVSS 9.3 (critical): Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows…
CVE-2012-0015 — CVSS 9.3 (critical): Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers…
CVE-2012-0160 — CVSS 9.3 (critical): Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows…
CVE-2012-0161 — CVSS 9.3 (critical): Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during…
CVE-2012-0162 — CVSS 9.3 (critical): Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted…
CVE-2012-0163 — CVSS 9.3 (critical): Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows…
CVE-2012-1855 — CVSS 9.3 (critical): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to…
CVE-2012-1895 — CVSS 9.3 (critical): The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object…
CVE-2012-4776 — CVSS 9.3 (critical): The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate…
CVE-2012-4777 — CVSS 9.3 (critical): The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object…
CVE-2015-2504 — CVSS 9.3 (critical): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy…
CVE-2013-0002 — CVSS 9.3 (critical): Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1…
CVE-2013-0003 — CVSS 9.3 (critical): Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1…
CVE-2020-0606 — CVSS 8.8 (high): A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who…
CVE-2019-1113 — CVSS 8.8 (high): A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who…
CVE-2018-8260 — CVSS 8.8 (high): A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET…
CVE-2016-0145 — CVSS 8.8 (high): The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold…
CVE-2019-0613 — CVSS 8.8 (high): A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source…
CVE-2020-0605 — CVSS 8.8 (high): A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who…
CVE-2024-0056 — CVSS 8.7 (high): Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
CVE-2009-2502 — CVSS 8.1 (high): Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office…
CVE-2018-8284 — CVSS 8.1 (high): A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote…
CVE-2012-2519 — CVSS 7.9 (high): Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4…
CVE-2020-1046 — CVSS 7.8 (high): A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this…
CVE-2007-0042 — CVSS 7.8 (high): Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote…
CVE-2012-0014 — CVSS 7.8 (high): Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated…
CVE-2013-0005 — CVSS 7.8 (high): The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and…
CVE-2013-3129 — CVSS 7.8 (high): Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and…
CVE-2013-3860 — CVSS 7.8 (high): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation…
CVE-2013-3861 — CVSS 7.8 (high): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash…
CVE-2016-0148 — CVSS 7.8 (high): Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application…
CVE-2017-0160 — CVSS 7.8 (high): Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious…
CVE-2018-1039 — CVSS 7.8 (high): A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework…
CVE-2018-8202 — CVSS 7.8 (high): An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET…
CVE-2020-1066 — CVSS 7.8 (high): An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit…
CVE-2011-1271 — CVSS 7.7 (high): The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly…
CVE-2016-0047 — CVSS 7.5 (high): WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information…
CVE-2016-0033 — CVSS 7.5 (high): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows…
CVE-2013-1337 — CVSS 7.5 (high): Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint…
CVE-2016-3255 — CVSS 7.5 (high): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing…
CVE-2016-7270 — CVSS 7.5 (high): The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to…
CVE-2017-0248 — CVSS 7.5 (high): Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings…
CVE-2017-8585 — CVSS 7.5 (high): Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application…
CVE-2026-33116 — CVSS 7.5 (high): Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny…
CVE-2018-0764 — CVSS 7.5 (high): Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a…
CVE-2018-0765 — CVSS 7.5 (high): A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of…
CVE-2018-0786 — CVSS 7.5 (high): Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core…
CVE-2005-2127 — CVSS 7.5 (high): Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute…
CVE-2026-23666 — CVSS 7.5 (high): Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2020-1108 — CVSS 7.5 (high): A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework…
CVE-2018-8360 — CVSS 7.5 (high): An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in…
CVE-2018-8517 — CVSS 7.5 (high): A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service…
CVE-2019-0545 — CVSS 7.5 (high): An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS)…
CVE-2019-0820 — CVSS 7.5 (high): A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET…
CVE-2019-0980 — CVSS 7.5 (high): A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core…
CVE-2019-0981 — CVSS 7.5 (high): A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core…
CVE-2019-1006 — CVSS 7.5 (high): An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing…
CVE-2019-1083 — CVSS 7.5 (high): A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of…
CVE-2019-11397 — CVSS 6.5 (medium): GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion…
CVE-2010-3332 — CVSS 6.4 (medium): Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information…
CVE-2016-0149 — CVSS 5.9 (medium): Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive…
CVE-2019-0657 — CVSS 5.9 (medium): A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio…
CVE-2026-32226 — CVSS 5.9 (medium): Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized…
CVE-2019-0864 — CVSS 5.5 (medium): A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of…
CVE-2016-3209 — CVSS 5.5 (medium): Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1…
CVE-2019-1142 — CVSS 5.5 (medium): An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary…
CVE-2018-8356 — CVSS 5.5 (medium): A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET…
CVE-2020-1476 — CVSS 5.5 (medium): An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached…
CVE-2006-1511 — CVSS 5.1 (medium): Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary…
CVE-2014-0253 — CVSS 5.0 (medium): Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows…
CVE-2002-0409 — CVSS 5.0 (medium): orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote…
CVE-2012-0164 — CVSS 5.0 (medium): Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application…
CVE-2006-1300 — CVSS 5.0 (medium): Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to…
CVE-2015-1672 — CVSS 5.0 (medium): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and…
CVE-2014-4072 — CVSS 5.0 (medium): Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request…
CVE-2013-1336 — CVSS 5.0 (medium): The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which…
CVE-2015-2526 — CVSS 5.0 (medium): Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted…
CVE-2012-1896 — CVSS 5.0 (medium): Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote…
CVE-2025-55248 — CVSS 4.8 (medium): Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVE-2020-16937 — CVSS 4.7 (medium): <p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who…
CVE-2008-3843 — CVSS 4.3 (medium): Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly…
CVE-2015-6096 — CVSS 4.3 (medium): The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary…
CVE-2015-6099 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to…
CVE-2015-1670 — CVSS 4.3 (medium): The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers…
CVE-2014-4122 — CVSS 4.3 (medium): Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially…
CVE-2008-3842 — CVSS 4.3 (medium): Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly…
CVE-2014-4062 — CVSS 4.3 (medium): Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows…
CVE-2014-0295 — CVSS 4.3 (medium): VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for…
CVE-2006-7192 — CVSS 4.3 (medium): Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass…
CVE-2015-6115 — CVSS 4.3 (medium): Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site…
CVE-2005-0509 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject…
CVE-2006-3436 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2013-0001 — CVSS 4.3 (medium): The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly…
CVE-2010-2085 — CVSS 4.3 (medium): The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows…
CVE-2011-1978 — CVSS 4.3 (medium): Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers…
CVE-2011-1977 — CVSS 4.3 (medium): The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify…
CVE-2006-1510 — CVSS 4.0 (medium): Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft…
CVE-2009-1536 — CVSS 2.6 (low): ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not…
CVE-2015-1648 — CVSS 2.6 (low): ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is…