Microsoft Net Framework vulnerabilities
165 known vulnerabilities affecting microsoft/net_framework.
Total CVEs
165
CISA KEV
5
actively exploited
Public exploits
22
Exploited in wild
6
Severity breakdown
CRITICAL62HIGH62MEDIUM39LOW2
Vulnerabilities
Page 3 of 9
CVE-2019-0657MEDIUMCVSS 5.9v2.0v3.0+9 more2019-03-05
CVE-2019-0657 [MEDIUM] CWE-20 CVE-2019-0657: A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
nvd
CVE-2019-0545HIGHCVSS 7.5v2.0v3.0+9 more2019-01-08
CVE-2019-0545 [HIGH] CWE-200 CVE-2019-0545: An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassin
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Frame
nvd
CVE-2018-8540CRITICALCVSS 9.8v3.5v3.5.1+7 more2018-12-12
CVE-2018-8540 [CRITICAL] CWE-94 CVE-2018-8540: A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate inp
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Mi
nvd
CVE-2018-8517HIGHCVSS 7.5v3.5v3.5.1+7 more2018-12-12
CVE-2018-8517 [HIGH] CVE-2018-8517: A denial of service vulnerability exists when .NET Framework improperly handles special web requests
A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5
nvd
CVE-2018-8421CRITICALCVSS 9.8v2.0v3.0+9 more2018-09-13
CVE-2018-8421 [CRITICAL] CWE-20 CVE-2018-8421: A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET
nvd
CVE-2018-8360HIGHCVSS 7.5v2.0v3.0+9 more2018-08-15
CVE-2018-8360 [HIGH] CWE-200 CVE-2018-8360: An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attac
An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework
nvd
CVE-2018-8260HIGHCVSS 8.8v4.7.2v4.7.2 Developer Pack2018-07-11
CVE-2018-8260 [HIGH] CWE-20 CVE-2018-8260: A Remote Code Execution vulnerability exists in .NET software when the software fails to check the s
A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.
cvelistv5nvd
CVE-2018-8284HIGHCVSS 8.1v2.0v3.0+9 more2018-07-11
CVE-2018-8284 [HIGH] CWE-94 CVE-2018-8284: A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate inp
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Mi
nvd
CVE-2018-8202HIGHCVSS 7.8v2.0v3.0+9 more2018-07-11
CVE-2018-8202 [HIGH] CVE-2018-8202: An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to el
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framewo
nvd
CVE-2018-8356MEDIUMCVSS 5.5v3.0v3.5+9 more2018-07-11
CVE-2018-8356 [MEDIUM] CWE-295 CVE-2018-8356: A security feature bypass vulnerability exists when Microsoft .NET Framework components do not corre
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, AS
cvelistv5nvd
CVE-2018-0765HIGHCVSS 7.5v2.0v3.0+9 more2018-05-09
CVE-2018-0765 [HIGH] CWE-611 CVE-2018-0765: A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, a
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft
nvd
CVE-2018-1039HIGHCVSS 7.8v2.0v3.0+8 more2018-05-09
CVE-2018-1039 [HIGH] CVE-2018-1039: A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to by
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0,
nvd
CVE-2018-0786HIGHCVSS 7.5v2.0v3.0+8 more2018-01-10
CVE-2018-0786 [HIGH] CWE-295 CVE-2018-0786: Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Co
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
nvd
CVE-2018-0764HIGHCVSS 7.5v2.0v3.0+8 more2018-01-10
CVE-2018-0764 [HIGH] CVE-2018-0764: Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.
nvd
CVE-2017-8759HIGHCVSS 7.8KEVPoCv4.5.2v3.5.1+6 more2017-09-13
CVE-2017-8759 [HIGH] CWE-94 CVE-2017-8759: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to exec
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
nvd
CVE-2017-8585HIGHCVSS 7.5v4.6v4.6.1+2 more2017-07-11
CVE-2017-8585 [HIGH] CWE-20 CVE-2017-8585: Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requ
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.
nvd
CVE-2017-0248HIGHCVSS 7.5v2.0v3.5+6 more2017-05-12
CVE-2017-0248 [HIGH] CWE-295 CVE-2017-0248: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypa
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
nvd
CVE-2017-0160HIGHCVSS 7.8PoCv2.0v3.5+6 more2017-04-12
CVE-2017-0160 [HIGH] CVE-2017-0160: Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access t
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."
nvd
CVE-2016-7270HIGHCVSS 7.5v4.6.22016-12-20
CVE-2016-7270 [HIGH] CWE-310 CVE-2016-7270: The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied k
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
nvd
CVE-2016-3209MEDIUMCVSS 5.5PoCv3.0v3.5+3 more2016-10-14
CVE-2016-3209 [MEDIUM] CWE-200 CVE-2016-3209: Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2
nvd