Search
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1476 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2024-01-04 | 2.1 LOW | 5.5 MEDIUM |
| <p>An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.</p> <p>To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server.</p> <p>The update addresses the vulnerability by changing how ASP.NET and .NET handle requests.</p> | |||||
| CVE-2020-16937 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2023-12-31 | 4.3 MEDIUM | 4.7 MEDIUM |
| <p>An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.</p> <p>To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application.</p> <p>The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory.</p> | |||||
| CVE-2023-36873 | 1 Microsoft | 12 .net Framework, Windows 10 1607, Windows 10 1809 and 9 more | 2023-08-10 | N/A | 5.9 MEDIUM |
| .NET Framework Spoofing Vulnerability | |||||
| CVE-2018-8356 | 1 Microsoft | 13 .net Core, .net Framework, .net Framework Developer Pack and 10 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
| A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | |||||
| CVE-2022-30130 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2022-05-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| .NET Framework Denial of Service Vulnerability. | |||||
| CVE-2019-1142 | 1 Microsoft | 7 .net Framework, Windows 10, Windows 8.1 and 4 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-0864 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'. | |||||
| CVE-2019-11397 | 2 Microsoft, Rapidflows | 2 .net Framework, Rapid4 | 2019-05-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. | |||||
| CVE-2019-0657 | 1 Microsoft | 12 .net Core, .net Framework, Powershell Core and 9 more | 2019-03-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. | |||||
| CVE-2016-0149 | 1 Microsoft | 1 .net Framework | 2018-10-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability." | |||||
| CVE-2016-3209 | 1 Microsoft | 14 .net Framework, Live Meeting, Lync and 11 more | 2018-10-12 | 5.0 MEDIUM | 5.5 MEDIUM |
| Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability." | |||||