Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Microsoft Subscribe
Filtered by product .net Framework

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 44 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-21312 1 Microsoft 13 .net Framework, Windows 10 1607, Windows 10 1809 and 10 more 2024-01-12 N/A 7.5 HIGH
.NET Framework Denial of Service Vulnerability
CVE-2020-1046 1 Microsoft 8 .net Framework, Windows 10, Windows 7 and 5 more 2024-01-04 9.3 HIGH 7.8 HIGH
<p>A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.</p> <p>To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application.</p> <p>The security update addresses the vulnerability by correcting how .NET Framework processes input.</p>
CVE-2021-24111 1 Microsoft 9 .net Framework, Windows 10, Windows 7 and 6 more 2023-12-29 5.0 MEDIUM 7.5 HIGH
.NET Framework Denial of Service Vulnerability
CVE-2022-26832 1 Microsoft 11 .net Framework, Windows 10, Windows 11 and 8 more 2023-12-21 5.0 MEDIUM 7.5 HIGH
.NET Framework Denial of Service Vulnerability
CVE-2022-21911 1 Microsoft 10 .net Framework, Windows 10, Windows 11 and 7 more 2023-12-21 5.0 MEDIUM 7.5 HIGH
.NET Framework Denial of Service Vulnerability
CVE-2022-26929 1 Microsoft 11 .net Framework, Windows 10, Windows 11 and 8 more 2023-12-20 N/A 7.8 HIGH
.NET Framework Remote Code Execution Vulnerability
CVE-2023-21808 1 Microsoft 25 .net, .net Framework, Visual Studio 2017 and 22 more 2023-12-13 N/A 7.8 HIGH
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2023-36560 1 Microsoft 14 .net Framework, Windows 10 1507, Windows 10 1607 and 11 more 2023-11-20 N/A 8.8 HIGH
ASP.NET Security Feature Bypass Vulnerability
CVE-2022-41089 1 Microsoft 11 .net Framework, Windows 10, Windows 11 and 8 more 2023-11-17 N/A 7.8 HIGH
.NET Framework Remote Code Execution Vulnerability
CVE-2023-36899 1 Microsoft 11 .net, .net Framework, Windows 10 1809 and 8 more 2023-08-11 N/A 8.8 HIGH
ASP.NET Elevation of Privilege Vulnerability
CVE-2023-24936 1 Microsoft 14 .net, .net Framework, Windows 10 1507 and 11 more 2023-08-01 N/A 7.5 HIGH
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2020-1147 1 Microsoft 14 .net Core, .net Framework, Sharepoint Enterprise Server and 11 more 2022-07-12 6.8 MEDIUM 7.8 HIGH
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVE-2018-8202 1 Microsoft 9 .net Framework, Windows 10, Windows 7 and 6 more 2022-05-23 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
CVE-2018-8260 1 Microsoft 9 .net Framework, Windows 10, Windows 7 and 6 more 2022-05-23 6.8 MEDIUM 8.8 HIGH
A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.
CVE-2019-0545 1 Microsoft 11 .net Core, .net Framework, Windows 10 and 8 more 2022-05-23 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.
CVE-2018-8360 1 Microsoft 9 .net Framework, Windows 10, Windows 7 and 6 more 2022-05-23 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
CVE-2018-8284 1 Microsoft 13 .net Framework, Project Server, Sharepoint Enterprise Server and 10 more 2022-05-23 9.3 HIGH 8.1 HIGH
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
CVE-2018-0786 1 Microsoft 10 .net Core, .net Framework, Powershell Core and 7 more 2021-08-12 5.0 MEDIUM 7.5 HIGH
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
CVE-2018-0764 1 Microsoft 10 .net Core, .net Framework, Powershell Core and 7 more 2021-08-12 5.0 MEDIUM 7.5 HIGH
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.
CVE-2020-1066 1 Microsoft 3 .net Framework, Windows 7, Windows Server 2008 2021-07-21 4.6 MEDIUM 7.8 HIGH
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.
CVE-2020-1108 1 Microsoft 14 .net Core, .net Framework, Powershell and 11 more 2021-05-18 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
CVE-2018-8517 1 Microsoft 9 .net Framework, Windows 10, Windows 7 and 6 more 2020-09-28 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
CVE-2019-0820 1 Microsoft 10 .net Core, .net Framework, Windows 10 and 7 more 2020-08-24 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
CVE-2019-1006 1 Microsoft 13 .net Framework, Identitymodel, Sharepoint Enterprise Server and 10 more 2020-08-24 5.0 MEDIUM 7.5 HIGH
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
CVE-2020-0605 1 Microsoft 10 .net Core, .net Framework, Windows 10 and 7 more 2020-01-21 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.
CVE-2020-0606 1 Microsoft 10 .net Core, .net Framework, Windows 10 and 7 more 2020-01-17 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.
CVE-2017-0160 1 Microsoft 1 .net Framework 2019-10-03 7.2 HIGH 7.8 HIGH
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."
CVE-2018-1039 1 Microsoft 8 .net Framework, Windows 10, Windows 7 and 5 more 2019-10-03 4.6 MEDIUM 7.8 HIGH
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
CVE-2017-0248 1 Microsoft 1 .net Framework 2019-10-03 5.0 MEDIUM 7.5 HIGH
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
CVE-2019-1113 1 Microsoft 10 .net Framework, Visual Studio 2017, Windows 10 and 7 more 2019-07-19 6.8 MEDIUM 8.8 HIGH
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.
CVE-2019-1083 1 Microsoft 9 .net Framework, Windows 10, Windows 7 and 6 more 2019-07-17 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.
CVE-2019-0980 1 Microsoft 10 .net Core, .net Framework, Windows 10 and 7 more 2019-05-22 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.
CVE-2019-0981 1 Microsoft 10 .net Core, .net Framework, Windows 10 and 7 more 2019-05-22 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.
CVE-2019-0613 1 Microsoft 10 .net Framework, Visual Studio 2017, Windows 10 and 7 more 2019-03-06 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.
CVE-2016-7270 1 Microsoft 1 .net Framework 2018-10-12 5.0 MEDIUM 7.5 HIGH
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
CVE-2016-3255 1 Microsoft 1 .net Framework 2018-10-12 5.0 MEDIUM 7.5 HIGH
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."
CVE-2016-0145 1 Microsoft 13 .net Framework, Live Meeting, Lync and 10 more 2018-10-12 9.3 HIGH 8.8 HIGH
The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."
CVE-2016-0148 1 Microsoft 1 .net Framework 2018-10-12 7.2 HIGH 7.8 HIGH
Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability."
CVE-2016-0033 1 Microsoft 1 .net Framework 2018-10-12 5.0 MEDIUM 7.5 HIGH
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability."
CVE-2016-0047 1 Microsoft 1 .net Framework 2018-10-12 5.0 MEDIUM 7.5 HIGH
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."
CVE-2018-0765 1 Microsoft 9 .net Core, .net Framework, Windows 10 and 6 more 2018-06-14 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.
CVE-2017-8759 1 Microsoft 1 .net Framework 2018-01-14 9.3 HIGH 7.8 HIGH
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
CVE-2017-8585 1 Microsoft 1 .net Framework 2017-12-02 5.0 MEDIUM 7.5 HIGH
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.
CVE-2016-2887 2 Ibm, Microsoft 2 Ims Enterprise Suite, .net Framework 2016-12-03 5.5 MEDIUM 8.1 HIGH
IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.