Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
.NET Framework Number Of NVD 174 CRITICAL 6 HIGH 124 MEDIUM 41 LOW 3
URL https://dotnet.microsoft.com/
Explanation NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. It consists of the Common Language Runtime (CLR), an execution engine that handles running apps, and the .NET Framework class libraries, which are validated, reusable code libraries that developers can call from their own apps. The .NET Framework provides the following services to running apps

Translated and excerpted from [https://docs.microsoft.com/ja-jp/dotnet/framework/get-started/]
Tag
  • C#
  • VB.NET
Add Information URL
No Type Name URL
1 https://dotnet.microsoft.com/download/dotnet-framework
2 https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
3 https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
91 .NET Framework 6.7 6.7.2 Nov. 8, 2021 Nov. 12, 2024 0 0 0 0
92 .NET Framework 4.8 4.8.1 April 18, 2019 3 34 7 1
93 .NET Framework 4.7 4.7.2 April 5, 2017 5 50 9 1
94 .NET Framework 4.6 4.6.2 July 20, 2015 6 64 14 1
95 .NET Framework 4.5 4.5.2 Aug. 15, 2012 Jan. 12, 2016 4 61 18 1
96 .NET Framework 4.0 April 12, 2010 Jan. 12, 2016 0 44 13 1
97 .NET Framework 3.5 SP1 Aug. 11, 2008 Oct. 10, 2028 6 98 25 3
98 .NET Framework 3.5 Nov. 19, 2007 July 12, 2011 6 98 25 3
99 .NET Framework 3.0 Nov. 6, 2006 July 12, 2011 5 51 9 1
100 .NET Framework 2.0 Oct. 27, 2005 July 12, 2011 4 89 25 3
101 .NET Framework 1.1 April 9, 2003 Oct. 8, 2013 0 27 10 1
102 .NET Framework 1.0 Jan. 15, 2002 July 14, 2009 0 18 8 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
91 -
9.3 		HIGH Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 … CWE-20
 Improper Input Validation  		CVE-2015-2455 cpe:2.3:a:microsoft:.net_framework:4.6:*
cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 11:27
2015-08-15 		Show GitHub Exploit DB Packet Storm
92 -
9.3 		HIGH Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 … CWE-20
 Improper Input Validation  		CVE-2015-2435 cpe:2.3:a:microsoft:.net_framework:4.6:*
cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 11:27
2015-08-15 		Show GitHub Exploit DB Packet Storm
93 7.8
9.3 		HIGH
Local 		The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Atten… NVD-CWE-noinfo
CVE-2015-1671 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*
cpe:2.3:a:microsoft:.net_fram… 		2026-04-23 01:31
2015-05-13 		Show GitHub Exploit DB Packet Storm
94 -
9.3 		HIGH The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a craf… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2015-1673 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:25
2015-05-13 		Show GitHub Exploit DB Packet Storm
95 -
5.0 		MEDIUM Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XM… CWE-310
Cryptographic Issues 		CVE-2015-1672 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:25
2015-05-13 		Show GitHub Exploit DB Packet Storm
96 -
4.3 		MEDIUM The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a c… CWE-200
Information Exposure 		CVE-2015-1670 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:25
2015-05-13 		Show GitHub Exploit DB Packet Storm
97 -
2.6 		LOW ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-… CWE-19
 Data Processing Errors 		CVE-2015-1648 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:25
2015-04-15 		Show GitHub Exploit DB Packet Storm
98 -
9.3 		HIGH Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted d… CWE-20
 Improper Input Validation  		CVE-2014-4149 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:09
2014-11-12 		Show GitHub Exploit DB Packet Storm
99 -
4.3 		MEDIUM Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging th… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2014-4122 cpe:2.3:a:microsoft:.net_framework:3.5:*
cpe:2.3:a:microsoft:.net_framework:3.5.1:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:09
2014-10-15 		Show GitHub Exploit DB Packet Storm
100 -
10.0 		HIGH Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause… CWE-399
 Resource Management Errors 		CVE-2014-4121 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:09
2014-10-15 		Show GitHub Exploit DB Packet Storm