VYPR

.net Framework

by Microsoft

CVEs (181)

  • CVE-2020-1046Aug 17, 2020
    risk 0.01cvss epss 0.04

    A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially…

  • CVE-2019-1083Jul 15, 2019
    risk 0.01cvss epss 0.08

    A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.

  • CVE-2019-0820May 16, 2019
    risk 0.01cvss epss 0.06

    A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

  • CVE-2019-0613Mar 6, 2019
    risk 0.01cvss epss 0.15

    A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET…

  • CVE-2019-0657Mar 6, 2019
    risk 0.01cvss epss 0.05

    A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.

  • CVE-2018-8517Dec 12, 2018
    risk 0.01cvss epss 0.06

    A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2,…

  • CVE-2015-6115Nov 11, 2015
    risk 0.01cvss epss 0.14

    Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass."

  • CVE-2015-2481Aug 15, 2015
    risk 0.01cvss epss 0.14

    The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different…

  • CVE-2015-2480Aug 15, 2015
    risk 0.01cvss epss 0.14

    The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different…

  • CVE-2015-2479Aug 15, 2015
    risk 0.01cvss epss 0.17

    The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different…

  • CVE-2015-1673May 13, 2015
    risk 0.01cvss epss 0.17

    The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege…

  • CVE-2015-1672May 13, 2015
    risk 0.01cvss epss 0.17

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service Vulnerability."

  • CVE-2015-1670May 13, 2015
    risk 0.01cvss epss 0.16

    The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font Parsing Vulnerability."

  • CVE-2014-4122Oct 15, 2014
    risk 0.01cvss epss 0.13

    Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR…

  • CVE-2014-4062Aug 12, 2014
    risk 0.01cvss epss 0.14

    Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability."

  • CVE-2014-0295Feb 12, 2014
    risk 0.01cvss epss 0.14

    VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."

  • CVE-2013-0001Jan 9, 2013
    risk 0.01cvss epss 0.14

    The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or…

  • CVE-2012-0164May 9, 2012
    risk 0.01cvss epss 0.17

    Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability."

  • CVE-2011-1253Oct 12, 2011
    risk 0.01cvss epss 0.13

    Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET…

  • CVE-2011-0664Jun 16, 2011
    risk 0.01cvss epss 0.16

    Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser…

Page 7 of 10