VYPR

.net Framework

by Microsoft

CVEs (181)

  • CVE-2026-23666HigApr 14, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.

  • CVE-2018-8360HigAug 15, 2018
    risk 0.49cvss 7.5epss 0.09

    An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft…

  • CVE-2017-0248HigMay 12, 2017
    risk 0.49cvss 7.5epss 0.06

    Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

  • CVE-2016-3209MedOct 14, 2016
    risk 0.43cvss 5.5epss 0.54

    Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for…

  • CVE-2026-33116HigApr 14, 2026
    risk 0.42cvss 7.5epss 0.01

    Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

  • CVE-2016-0149MedMay 11, 2016
    risk 0.39cvss 5.9epss 0.08

    Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure…

  • CVE-2026-32226MedApr 14, 2026
    risk 0.38cvss 5.9epss 0.01

    Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

  • CVE-2018-8356MedJul 11, 2018
    risk 0.36cvss 5.5epss 0.01

    A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework…

  • CVE-2020-0646KEVJan 14, 2020
    risk 0.23cvss epss 0.99

    A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

  • CVE-2020-1147KEVJul 14, 2020
    risk 0.22cvss epss 0.94

    A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

  • CVE-2024-29059KEVMar 22, 2024
    risk 0.19cvss epss 0.99

    .NET Framework Information Disclosure Vulnerability

  • CVE-2014-0257Feb 12, 2014
    risk 0.09cvss epss 0.70

    Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application…

  • CVE-2007-0042Jul 10, 2007
    risk 0.09cvss epss 0.78

    Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the…

  • CVE-2010-3332Sep 22, 2010
    risk 0.08cvss epss 0.67

    Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View…

  • CVE-2005-2127Aug 19, 2005
    risk 0.08cvss epss 0.64

    Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet…

  • CVE-2013-3861Oct 9, 2013
    risk 0.07cvss epss 0.83

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."

  • CVE-2004-0200Sep 28, 2004
    risk 0.07cvss epss 0.49

    Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length…

  • CVE-2023-36899Aug 8, 2023
    risk 0.06cvss epss 0.74

    ASP.NET Elevation of Privilege Vulnerability

  • CVE-2015-2464Aug 15, 2015
    risk 0.06cvss epss 0.36

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic…

  • CVE-2015-2463Aug 15, 2015
    risk 0.06cvss epss 0.34

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic…

Page 2 of 10