VYPR

.net Framework

by Microsoft

CVEs (181)

  • CVE-2013-3860Oct 9, 2013
    risk 0.03cvss epss 0.32

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity…

  • CVE-2013-0005Jan 9, 2013
    risk 0.03cvss epss 0.32

    The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and…

  • CVE-2011-3417Dec 30, 2011
    risk 0.03cvss epss 0.36

    The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via…

  • CVE-2006-3436Oct 10, 2006
    risk 0.03cvss epss 0.38

    Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".

  • CVE-2006-1300Jul 11, 2006
    risk 0.03cvss epss 0.37

    Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."

  • CVE-2022-26832Apr 15, 2022
    risk 0.02cvss epss 0.03

    .NET Framework Denial of Service Vulnerability

  • CVE-2022-21911Jan 11, 2022
    risk 0.02cvss epss 0.03

    .NET Framework Denial of Service Vulnerability

  • CVE-2021-24111Feb 25, 2021
    risk 0.02cvss epss 0.04

    .NET Framework Denial of Service Vulnerability

  • CVE-2018-8540Dec 12, 2018
    risk 0.02cvss epss 0.22

    A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework…

  • CVE-2015-6108Dec 9, 2015
    risk 0.02cvss epss 0.26

    The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4,…

  • CVE-2015-2526Sep 9, 2015
    risk 0.02cvss epss 0.24

    Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka "MVC Denial of Service Vulnerability."

  • CVE-2015-2504Sep 9, 2015
    risk 0.02cvss epss 0.21

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security…

  • CVE-2015-2435Aug 15, 2015
    risk 0.02cvss epss 0.22

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1,…

  • CVE-2014-4149Nov 11, 2014
    risk 0.02cvss epss 0.21

    Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."

  • CVE-2014-4121Oct 15, 2014
    risk 0.02cvss epss 0.19

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web…

  • CVE-2014-4073Oct 15, 2014
    risk 0.02cvss epss 0.23

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege…

  • CVE-2014-4072Sep 10, 2014
    risk 0.02cvss epss 0.31

    Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted…

  • CVE-2013-3171Jul 10, 2013
    risk 0.02cvss epss 0.21

    The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a…

  • CVE-2013-3134Jul 10, 2013
    risk 0.02cvss epss 0.21

    The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array…

  • CVE-2013-3133Jul 10, 2013
    risk 0.02cvss epss 0.21

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application,…

Page 4 of 10