This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: .Net Framework
Version: 4.6
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
First view: 2015-08-14
Last view: 2020-01-14
Type: Application

CPE Product: cpe:2.3:a:microsoft:.net_framework

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
9.8 2020-01-14 CVE-2020-0646

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

8.8 2020-01-14 CVE-2020-0606

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.

8.8 2020-01-14 CVE-2020-0605

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.

5.5 2019-09-11 CVE-2019-1142

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.

8.8 2019-07-15 CVE-2019-1113

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.

7.5 2019-07-15 CVE-2019-1083

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.

7.5 2019-07-15 CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

5.5 2019-05-16 CVE-2019-0864

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'.

8.8 2019-03-05 CVE-2019-0613

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'.

7.5 2019-01-08 CVE-2019-0545

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.

9.8 2018-12-11 CVE-2018-8540

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2.

7.5 2018-12-11 CVE-2018-8517

A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

9.8 2018-09-12 CVE-2018-8421

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.

7.5 2018-08-15 CVE-2018-8360

An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.

5.5 2018-07-10 CVE-2018-8356

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

8.1 2018-07-10 CVE-2018-8284

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

7.8 2018-07-10 CVE-2018-8202

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

7.8 2018-05-09 CVE-2018-1039

A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.

7.8 2017-09-12 CVE-2017-8759

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

7.5 2017-07-11 CVE-2017-8585

Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.

7.5 2017-05-12 CVE-2017-0248

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

7.8 2017-04-12 CVE-2017-0160

Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

5.5 2016-10-13 CVE-2016-3209

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."

7.5 2016-07-12 CVE-2016-3255

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

5.9 2016-05-10 CVE-2016-0149

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."

CWE : Common Weakness Enumeration

% id Name
45% (18) CWE-20 Improper Input Validation
17% (7) CWE-200 Information Exposure
10% (4) CWE-264 Permissions, Privileges, and Access Controls
7% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5% (2) CWE-295 Certificate Issues
2% (1) CWE-287 Improper Authentication
2% (1) CWE-269 Improper Privilege Management
2% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (1) CWE-19 Data Handling
2% (1) CWE-17 Code

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0213 Multiple Vulnerabilities in Microsoft .NET Framework (MS15-101)
Severity: Category II - VMSKEY: V0061387
2015-A-0195 Multiple Vulnerabilities in Microsoft .NET Framework (MS15-092)
Severity: Category II - VMSKEY: V0061309
2015-A-0196 Multiple Vulnerabilities in Microsoft Graphics Component (MS15-080)
Severity: Category II - VMSKEY: V0061311

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-10-17 RTF WSDL file download attempt
RuleID : 44372 - Type : FILE-OFFICE - Revision : 2
2017-10-17 RTF WSDL file download attempt
RuleID : 44371 - Type : FILE-OFFICE - Revision : 2
2017-10-12 WSDL soap endpoint location code injection attempt
RuleID : 44354 - Type : FILE-OTHER - Revision : 2
2017-10-12 WSDL soap endpoint location code injection attempt
RuleID : 44353 - Type : FILE-OTHER - Revision : 2
2017-05-11 Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt
RuleID : 42186 - Type : OS-WINDOWS - Revision : 3
2017-05-11 Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt
RuleID : 42185 - Type : OS-WINDOWS - Revision : 3
2016-11-08 Microsoft Windows malformed TrueType file RCVT out of bounds read attempt
RuleID : 40409 - Type : FILE-OTHER - Revision : 2
2016-11-08 Microsoft Windows malformed TrueType file RCVT out of bounds read attempt
RuleID : 40408 - Type : FILE-OTHER - Revision : 2
2016-05-12 Microsoft Windows api-ms-win-appmodel-runtime dll-load exploit attempt
RuleID : 38470 - Type : OS-WINDOWS - Revision : 3
2016-05-12 Microsoft Windows api-ms-win-appmodel-runtime dll-load exploit attempt
RuleID : 38469 - Type : OS-WINDOWS - Revision : 3
2016-03-15 Microsoft .NET Framework XSLT parser stack exhaustion attempt
RuleID : 37656 - Type : OS-WINDOWS - Revision : 3
2016-03-15 Microsoft .NET Framework XSLT parser stack exhaustion attempt
RuleID : 37655 - Type : OS-WINDOWS - Revision : 3
2016-03-14 Microsoft Windows ClickOnce information disclosure attempt
RuleID : 36713 - Type : OS-WINDOWS - Revision : 2
2016-03-14 Microsoft Windows ClickOnce information disclosure attempt
RuleID : 36712 - Type : OS-WINDOWS - Revision : 2
2015-10-14 Microsoft Windows System.DirectoryServices.Protocols.Utility class memory ove...
RuleID : 36015 - Type : OS-WINDOWS - Revision : 2
2015-10-14 Microsoft Windows System.DirectoryServices.Protocols.Utility class memory ove...
RuleID : 36014 - Type : OS-WINDOWS - Revision : 2
2015-09-10 Microsoft Windows malformed TTF table hmtx remote code execution attempt
RuleID : 35530 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows malformed TTF table hmtx remote code execution attempt
RuleID : 35529 - Type : FILE-OTHER - Revision : 2
2015-09-10 Microsoft Windows TrueType font parsing integer underflow attempt
RuleID : 35526 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TrueType font parsing integer underflow attempt
RuleID : 35525 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TTF invalid system memory access attempt
RuleID : 35524 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows TTF invalid system memory access attempt
RuleID : 35523 - Type : OS-WINDOWS - Revision : 4
2015-09-10 Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt
RuleID : 35520 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt
RuleID : 35519 - Type : FILE-OTHER - Revision : 3
2015-09-10 Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt
RuleID : 35516 - Type : OS-WINDOWS - Revision : 2

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-11-27 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3248.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038781.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jul_4025338.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038783.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038777.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038782.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038788.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038792.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038799.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host has a software framework installed that is affected b...
File: smb_nt_ms17_sep_4041083.nasl - Type: ACT_GATHER_INFO
2017-09-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_win2008.nasl - Type: ACT_GATHER_INFO
2017-07-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jul_4025344.nasl - Type: ACT_GATHER_INFO
2017-07-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jul_4025342.nasl - Type: ACT_GATHER_INFO
2017-07-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jul_4025339.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_may_4019215.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_may_4019474.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_may_4019473.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_may_4019472.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host has a software framework installed that is affected b...
File: smb_nt_ms17_may_4019112.nasl - Type: ACT_GATHER_INFO
2017-05-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_may_4016871.nasl - Type: ACT_GATHER_INFO
2017-04-14 Name: The remote Windows host has a software framework installed that is affected b...
File: smb_nt_ms17_apr_4014981.nasl - Type: ACT_GATHER_INFO
2017-04-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015583.nasl - Type: ACT_GATHER_INFO
2017-04-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015221.nasl - Type: ACT_GATHER_INFO
2017-04-11 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_apr_4015219.nasl - Type: ACT_GATHER_INFO
2016-10-12 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms16-120.nasl - Type: ACT_GATHER_INFO