Note:
This project will be discontinued after December 13, 2021. [more]
Product:
\.net_framework
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 177 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-02-10 | CVE-2016-0047 | WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability." | \.net_framework | 7.5 | ||
| 2016-02-10 | CVE-2016-0033 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability." | \.net_framework | 7.5 | ||
| 2015-11-11 | CVE-2015-6115 | Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass." | \.net_framework | N/A | ||
| 2015-11-11 | CVE-2015-6099 | Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability." | \.net_framework | N/A | ||
| 2015-11-11 | CVE-2015-6096 | The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." | \.net_framework | N/A | ||
| 2015-09-08 | CVE-2015-2526 | Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka "MVC Denial of Service Vulnerability." | \.net_framework | N/A | ||
| 2015-09-08 | CVE-2015-2504 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability." | \.net_framework | N/A | ||
| 2015-08-14 | CVE-2015-2481 | The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2480. | \.net_framework | N/A | ||
| 2015-08-14 | CVE-2015-2480 | The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2481. | \.net_framework | N/A | ||
| 2015-08-14 | CVE-2015-2479 | The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2480 and CVE-2015-2481. | \.net_framework | N/A |