This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2012-05-08
Product .Net Framework Last view 2023-11-14
Version 3.0 Type Application
Update sp2  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:.net_framework

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2023-11-14 CVE-2023-36560

ASP.NET Security Feature Bypass Vulnerability

9.8 2023-11-14 CVE-2023-36049

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.8 2023-09-12 CVE-2023-36796

Visual Studio Remote Code Execution Vulnerability

7.8 2023-09-12 CVE-2023-36794

Visual Studio Remote Code Execution Vulnerability

7.8 2023-09-12 CVE-2023-36793

Visual Studio Remote Code Execution Vulnerability

7.8 2023-09-12 CVE-2023-36792

Visual Studio Remote Code Execution Vulnerability

7.8 2023-09-12 CVE-2023-36788

.NET Framework Remote Code Execution Vulnerability

7.5 2023-06-14 CVE-2023-32030

.NET and Visual Studio Denial of Service Vulnerability

7.5 2023-06-14 CVE-2023-29331

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

7.8 2023-06-14 CVE-2023-29326

.NET Framework Remote Code Execution Vulnerability

7.5 2023-06-14 CVE-2023-24936

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.8 2023-06-14 CVE-2023-24895

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

5 2023-02-14 CVE-2023-21722

.NET Framework Denial of Service Vulnerability

7.8 2022-12-13 CVE-2022-41089

.NET Framework Remote Code Execution Vulnerability

7.8 2022-09-13 CVE-2022-26929

.NET Framework Remote Code Execution Vulnerability.

3.3 2022-05-10 CVE-2022-30130

.NET Framework Denial of Service Vulnerability

7.5 2022-04-15 CVE-2022-26832

.NET Framework Denial of Service Vulnerability.

7.8 2020-05-21 CVE-2020-1066

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.

9.8 2020-01-14 CVE-2020-0646

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

8.8 2020-01-14 CVE-2020-0606

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.

8.8 2020-01-14 CVE-2020-0605

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.

8.8 2019-07-15 CVE-2019-1113

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.

7.5 2019-07-15 CVE-2019-1083

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.

7.5 2019-07-15 CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

5.5 2019-05-16 CVE-2019-0864

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.

CWE : Common Weakness Enumeration

%idName
46% (14) CWE-20 Improper Input Validation
16% (5) CWE-200 Information Exposure
6% (2) CWE-295 Certificate Issues
6% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
6% (2) CWE-19 Data Handling
3% (1) CWE-399 Resource Management Errors
3% (1) CWE-264 Permissions, Privileges, and Access Controls
3% (1) CWE-91 XML Injection (aka Blind XPath Injection)

OpenVAS Exploits

id Description
2012-05-09 Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
File : nvt/secpod_ms12-035.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0196 Multiple Vulnerabilities in Microsoft Graphics Component (MS15-080)
Severity: Category II - VMSKEY: V0061311
2014-A-0128 Microsoft .NET Framework Security Feature Bypass Vulnerability
Severity: Category II - VMSKEY: V0053805
2013-A-0135 Microsoft GDI+ Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0039199
2013-B-0071 Multiple Vulnerabilities in Microsoft .NET Framework and Silverlight
Severity: Category II - VMSKEY: V0039211
2012-A-0080 Multiple Remote Code Execution Vulnerabilities in Microsoft .NET Framework
Severity: Category I - VMSKEY: V0032305

Snort® IPS/IDS

Date Description
2020-09-02 Microsoft .NET API XPS file parsing remote code execution attempt
RuleID : 54619 - Type : FILE-OTHER - Revision : 1
2020-09-02 Microsoft .NET API XPS file parsing remote code execution attempt
RuleID : 54618 - Type : FILE-OTHER - Revision : 1
2016-11-08 Microsoft Windows malformed TrueType file RCVT out of bounds read attempt
RuleID : 40409 - Type : FILE-OTHER - Revision : 2
2016-11-08 Microsoft Windows malformed TrueType file RCVT out of bounds read attempt
RuleID : 40408 - Type : FILE-OTHER - Revision : 2
2016-05-12 Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory acces...
RuleID : 38494 - Type : FILE-OTHER - Revision : 2
2016-05-12 Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory acces...
RuleID : 38493 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows malformed TTF table hmtx remote code execution attempt
RuleID : 35530 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows malformed TTF table hmtx remote code execution attempt
RuleID : 35529 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows TrueType font parsing integer underflow attempt
RuleID : 35526 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TrueType font parsing integer underflow attempt
RuleID : 35525 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TTF invalid system memory access attempt
RuleID : 35524 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TTF invalid system memory access attempt
RuleID : 35523 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt
RuleID : 35520 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt
RuleID : 35519 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt
RuleID : 35516 - Type : OS-WINDOWS - Revision : 2
2015-09-10 Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt
RuleID : 35515 - Type : OS-WINDOWS - Revision : 2
2015-09-10 Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remo...
RuleID : 35492 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remo...
RuleID : 35491 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows atmfd.dll font driver malformed OTF file remote code execut...
RuleID : 35486 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows atmfd.dll font driver malformed OTF file remote code execut...
RuleID : 35485 - Type : FILE-OTHER - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34441 - Type : OS-WINDOWS - Revision : 2
2015-06-17 Microsoft Windows Win32k TrueType Font parsing out of bounds attempt
RuleID : 34440 - Type : OS-WINDOWS - Revision : 2
2014-01-10 Microsoft Internet Explorer xbap custom ISeralizable object exception attempt
RuleID : 22080 - Type : BROWSER-IE - Revision : 7
2014-01-10 Microsoft .NET framework EvidenceBase class remote code execution attempt
RuleID : 22079 - Type : OS-WINDOWS - Revision : 7

Nessus® Vulnerability Scanner

id Description
2016-10-12 Name: A multimedia application framework installed on the remote macOS or Mac OS X ...
File: macosx_ms16-120.nasl - Type: ACT_GATHER_INFO
2016-10-12 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms16-120.nasl - Type: ACT_GATHER_INFO
2016-05-10 Name: The remote Windows host is affected by an information disclosure vulnerability.
File: smb_nt_ms16-065.nasl - Type: ACT_GATHER_INFO
2016-04-12 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms16-039.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote Windows host is affected by a security feature bypass vulnerability.
File: smb_nt_ms16-035.nasl - Type: ACT_GATHER_INFO
2015-08-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-080.nasl - Type: ACT_GATHER_INFO
2015-08-12 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms15-080.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-044.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: A multimedia application framework installed on the remote Mac OS X host is a...
File: macosx_ms15-049.nasl - Type: ACT_GATHER_INFO
2014-09-10 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms14-053.nasl - Type: ACT_GATHER_INFO
2014-08-12 Name: The version of the .NET Framework installed on the remote host is affected by...
File: smb_nt_ms14-046.nasl - Type: ACT_GATHER_INFO
2013-07-10 Name: The .NET Framework install on the remote Windows host could allow arbitrary c...
File: smb_nt_ms13-052.nasl - Type: ACT_GATHER_INFO
2013-07-10 Name: The Windows kernel on the remote host is affected by multiple vulnerabilities.
File: smb_nt_ms13-053.nasl - Type: ACT_GATHER_INFO
2013-07-10 Name: The remote Windows host has a remote code execution vulnerability.
File: smb_nt_ms13-054.nasl - Type: ACT_GATHER_INFO
2012-05-09 Name: The .NET Framework install on the remote Windows host could allow arbitrary c...
File: smb_nt_ms12-035.nasl - Type: ACT_GATHER_INFO