.net Framework
by Microsoft
CVEs (181)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-2085 | 0.01 | — | 0.09 | May 27, 2010 | The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter. | |||
| CVE-2008-5100 | 0.01 | — | 0.08 | Nov 17, 2008 | The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly… | |||
| CVE-2006-1511 | 0.01 | — | 0.08 | Mar 30, 2006 | Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name. | |||
| CVE-2005-0509 | 0.01 | — | 0.16 | Mar 14, 2005 | Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters,… | |||
| CVE-2025-55248 | 0.00 | — | 0.01 | Oct 14, 2025 | Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. | |||
| CVE-2025-21176 | 0.00 | — | 0.02 | Jan 14, 2025 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | |||
| CVE-2024-43484 | 0.00 | — | 0.03 | Oct 8, 2024 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | |||
| CVE-2024-43483 | 0.00 | — | 0.03 | Oct 8, 2024 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | |||
| CVE-2024-38081 | 0.00 | — | 0.01 | Jul 9, 2024 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | |||
| CVE-2024-21312 | 0.00 | — | 0.04 | Jan 9, 2024 | .NET Framework Denial of Service Vulnerability | |||
| CVE-2024-0057 | 0.00 | — | 0.03 | Jan 9, 2024 | NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | |||
| CVE-2024-0056 | 0.00 | — | 0.01 | Jan 9, 2024 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | |||
| CVE-2023-36049 | 0.00 | — | 0.13 | Nov 14, 2023 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | |||
| CVE-2023-36042 | 0.00 | — | 0.01 | Nov 14, 2023 | Visual Studio Denial of Service Vulnerability | |||
| CVE-2023-36560 | 0.00 | — | 0.03 | Nov 14, 2023 | ASP.NET Security Feature Bypass Vulnerability | |||
| CVE-2023-36788 | 0.00 | — | 0.01 | Sep 12, 2023 | .NET Framework Remote Code Execution Vulnerability | |||
| CVE-2023-36792 | 0.00 | — | 0.01 | Sep 12, 2023 | Visual Studio Remote Code Execution Vulnerability | |||
| CVE-2023-36793 | 0.00 | — | 0.01 | Sep 12, 2023 | Visual Studio Remote Code Execution Vulnerability | |||
| CVE-2023-36794 | 0.00 | — | 0.01 | Sep 12, 2023 | Visual Studio Remote Code Execution Vulnerability | |||
| CVE-2023-36796 | 0.00 | — | 0.01 | Sep 12, 2023 | Visual Studio Remote Code Execution Vulnerability |
- CVE-2010-2085May 27, 2010risk 0.01cvss —epss 0.09
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.
- CVE-2008-5100Nov 17, 2008risk 0.01cvss —epss 0.08
The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly…
- CVE-2006-1511Mar 30, 2006risk 0.01cvss —epss 0.08
Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name.
- CVE-2005-0509Mar 14, 2005risk 0.01cvss —epss 0.16
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters,…
- CVE-2025-55248Oct 14, 2025risk 0.00cvss —epss 0.01
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
- CVE-2025-21176Jan 14, 2025risk 0.00cvss —epss 0.02
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
- CVE-2024-43484Oct 8, 2024risk 0.00cvss —epss 0.03
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
- CVE-2024-43483Oct 8, 2024risk 0.00cvss —epss 0.03
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
- CVE-2024-38081Jul 9, 2024risk 0.00cvss —epss 0.01
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
- CVE-2024-21312Jan 9, 2024risk 0.00cvss —epss 0.04
.NET Framework Denial of Service Vulnerability
- CVE-2024-0057Jan 9, 2024risk 0.00cvss —epss 0.03
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
- CVE-2024-0056Jan 9, 2024risk 0.00cvss —epss 0.01
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
- CVE-2023-36049Nov 14, 2023risk 0.00cvss —epss 0.13
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
- CVE-2023-36042Nov 14, 2023risk 0.00cvss —epss 0.01
Visual Studio Denial of Service Vulnerability
- CVE-2023-36560Nov 14, 2023risk 0.00cvss —epss 0.03
ASP.NET Security Feature Bypass Vulnerability
- CVE-2023-36788Sep 12, 2023risk 0.00cvss —epss 0.01
.NET Framework Remote Code Execution Vulnerability
- CVE-2023-36792Sep 12, 2023risk 0.00cvss —epss 0.01
Visual Studio Remote Code Execution Vulnerability
- CVE-2023-36793Sep 12, 2023risk 0.00cvss —epss 0.01
Visual Studio Remote Code Execution Vulnerability
- CVE-2023-36794Sep 12, 2023risk 0.00cvss —epss 0.01
Visual Studio Remote Code Execution Vulnerability
- CVE-2023-36796Sep 12, 2023risk 0.00cvss —epss 0.01
Visual Studio Remote Code Execution Vulnerability
Page 8 of 10