Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
.NET Framework Number Of NVD 174 CRITICAL 6 HIGH 124 MEDIUM 41 LOW 3
URL https://dotnet.microsoft.com/
Explanation NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. It consists of the Common Language Runtime (CLR), an execution engine that handles running apps, and the .NET Framework class libraries, which are validated, reusable code libraries that developers can call from their own apps. The .NET Framework provides the following services to running apps

Translated and excerpted from [https://docs.microsoft.com/ja-jp/dotnet/framework/get-started/]
Tag
  • C#
  • VB.NET
Add Information URL
No Type Name URL
1 https://dotnet.microsoft.com/download/dotnet-framework
2 https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
3 https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
111 .NET Framework 6.7 6.7.2 Nov. 8, 2021 Nov. 12, 2024 0 0 0 0
112 .NET Framework 4.8 4.8.1 April 18, 2019 3 34 7 1
113 .NET Framework 4.7 4.7.2 April 5, 2017 5 50 9 1
114 .NET Framework 4.6 4.6.2 July 20, 2015 6 64 14 1
115 .NET Framework 4.5 4.5.2 Aug. 15, 2012 Jan. 12, 2016 4 61 18 1
116 .NET Framework 4.0 April 12, 2010 Jan. 12, 2016 0 44 13 1
117 .NET Framework 3.5 SP1 Aug. 11, 2008 Oct. 10, 2028 6 98 25 3
118 .NET Framework 3.5 Nov. 19, 2007 July 12, 2011 6 98 25 3
119 .NET Framework 3.0 Nov. 6, 2006 July 12, 2011 5 51 9 1
120 .NET Framework 2.0 Oct. 27, 2005 July 12, 2011 4 89 25 3
121 .NET Framework 1.1 April 9, 2003 Oct. 8, 2013 0 27 10 1
122 .NET Framework 1.0 Jan. 15, 2002 July 14, 2009 0 18 8 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
111 -
9.3 		HIGH The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to exec… CWE-94
Code Injection 		CVE-2013-3171 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:53
2013-07-10 		Show GitHub Exploit DB Packet Storm
112 -
9.3 		HIGH The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to exe… CWE-94
Code Injection 		CVE-2013-3134 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:53
2013-07-10 		Show GitHub Exploit DB Packet Storm
113 -
9.3 		HIGH Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a craf… CWE-94
Code Injection 		CVE-2013-3133 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:53
2013-07-10 		Show GitHub Exploit DB Packet Storm
114 -
9.3 		HIGH Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary c… CWE-94
Code Injection 		CVE-2013-3132 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:53
2013-07-10 		Show GitHub Exploit DB Packet Storm
115 -
9.3 		HIGH Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote… CWE-94
Code Injection 		CVE-2013-3131 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:53
2013-07-10 		Show GitHub Exploit DB Packet Storm
116 -
9.3 		HIGH Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windo… CWE-94
Code Injection 		CVE-2013-3129 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:53
2013-07-10 		Show GitHub Exploit DB Packet Storm
117 -
7.5 		HIGH Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTP… CWE-287
Improper Authentication 		CVE-2013-1337 cpe:2.3:a:microsoft:.net_framework:4.5:* 2024-11-21 10:49
2013-05-15 		Show GitHub Exploit DB Packet Storm
118 -
5.0 		MEDIUM The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XM… CWE-20
 Improper Input Validation  		CVE-2013-1336 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:49
2013-05-15 		Show GitHub Exploit DB Packet Storm
119 -
10.0 		HIGH The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which a… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2013-0073 cpe:2.3:a:microsoft:.net_framework:4.5:*
cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 10:46
2013-02-13 		Show GitHub Exploit DB Packet Storm
120 -
7.8 		HIGH The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, al… CWE-20
 Improper Input Validation  		CVE-2013-0005 cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framework:3.5:sp1
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 10:46
2013-01-10 		Show GitHub Exploit DB Packet Storm