Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
.NET Framework Number Of NVD 174 CRITICAL 6 HIGH 124 MEDIUM 41 LOW 3
URL https://dotnet.microsoft.com/
Explanation NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. It consists of the Common Language Runtime (CLR), an execution engine that handles running apps, and the .NET Framework class libraries, which are validated, reusable code libraries that developers can call from their own apps. The .NET Framework provides the following services to running apps

Translated and excerpted from [https://docs.microsoft.com/ja-jp/dotnet/framework/get-started/]
Tag
  • C#
  • VB.NET
Add Information URL
No Type Name URL
1 https://dotnet.microsoft.com/download/dotnet-framework
2 https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
3 https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
101 .NET Framework 6.7 6.7.2 Nov. 8, 2021 Nov. 12, 2024 0 0 0 0
102 .NET Framework 4.8 4.8.1 April 18, 2019 3 34 7 1
103 .NET Framework 4.7 4.7.2 April 5, 2017 5 50 9 1
104 .NET Framework 4.6 4.6.2 July 20, 2015 6 64 14 1
105 .NET Framework 4.5 4.5.2 Aug. 15, 2012 Jan. 12, 2016 4 61 18 1
106 .NET Framework 4.0 April 12, 2010 Jan. 12, 2016 0 44 13 1
107 .NET Framework 3.5 SP1 Aug. 11, 2008 Oct. 10, 2028 6 98 25 3
108 .NET Framework 3.5 Nov. 19, 2007 July 12, 2011 6 98 25 3
109 .NET Framework 3.0 Nov. 6, 2006 July 12, 2011 5 51 9 1
110 .NET Framework 2.0 Oct. 27, 2005 July 12, 2011 4 89 25 3
111 .NET Framework 1.1 April 9, 2003 Oct. 8, 2013 0 27 10 1
112 .NET Framework 1.0 Jan. 15, 2002 July 14, 2009 0 18 8 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
101 -
10.0 		HIGH Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via … CWE-264
Permissions, Privileges, and Access Controls 		CVE-2014-4073 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:09
2014-10-15 		Show GitHub Exploit DB Packet Storm
102 -
5.0 		MEDIUM Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of servic… CWE-399
 Resource Management Errors 		CVE-2014-4072 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:09
2014-09-10 		Show GitHub Exploit DB Packet Storm
103 -
4.3 		MEDIUM Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2014-4062 cpe:2.3:a:microsoft:.net_framework:3.5:*
cpe:2.3:a:microsoft:.net_framework:3.5.1:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:09
2014-08-13 		Show GitHub Exploit DB Packet Storm
104 -
10.0 		HIGH The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitra… CWE-94
Code Injection 		CVE-2014-1806 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.1:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:05
2014-05-14 		Show GitHub Exploit DB Packet Storm
105 -
4.3 		MEDIUM VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web sit… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2014-0295 cpe:2.3:a:microsoft:.net_framework:3.5.1:*
cpe:2.3:a:microsoft:.net_framework:2.0:sp2 		2024-11-21 11:01
2014-02-12 		Show GitHub Exploit DB Packet Storm
106 -
9.3 		HIGH Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrar… CWE-20
 Improper Input Validation  		CVE-2014-0257 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.1:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:01
2014-02-12 		Show GitHub Exploit DB Packet Storm
107 -
5.0 		MEDIUM Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon … CWE-20
 Improper Input Validation  		CVE-2014-0253 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.5.1:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:01
2014-02-12 		Show GitHub Exploit DB Packet Storm
108 -
7.8 		HIGH Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "J… CWE-20
 Improper Input Validation  		CVE-2013-3861 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:54
2013-10-9 		Show GitHub Exploit DB Packet Storm
109 -
7.8 		HIGH Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (ap… CWE-20
 Improper Input Validation  		CVE-2013-3860 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:54
2013-10-9 		Show GitHub Exploit DB Packet Storm
110 -
9.3 		HIGH The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows… NVD-CWE-noinfo
CVE-2013-3128 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:-
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:53
2013-10-9 		Show GitHub Exploit DB Packet Storm