Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
.NET Framework Number Of NVD 174 CRITICAL 6 HIGH 124 MEDIUM 41 LOW 3
URL https://dotnet.microsoft.com/
Explanation NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. It consists of the Common Language Runtime (CLR), an execution engine that handles running apps, and the .NET Framework class libraries, which are validated, reusable code libraries that developers can call from their own apps. The .NET Framework provides the following services to running apps

Translated and excerpted from [https://docs.microsoft.com/ja-jp/dotnet/framework/get-started/]
Tag
  • C#
  • VB.NET
Add Information URL
No Type Name URL
1 https://dotnet.microsoft.com/download/dotnet-framework
2 https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
3 https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
141 .NET Framework 6.7 6.7.2 Nov. 8, 2021 Nov. 12, 2024 0 0 0 0
142 .NET Framework 4.8 4.8.1 April 18, 2019 3 34 7 1
143 .NET Framework 4.7 4.7.2 April 5, 2017 5 50 9 1
144 .NET Framework 4.6 4.6.2 July 20, 2015 6 64 14 1
145 .NET Framework 4.5 4.5.2 Aug. 15, 2012 Jan. 12, 2016 4 61 18 1
146 .NET Framework 4.0 April 12, 2010 Jan. 12, 2016 0 44 13 1
147 .NET Framework 3.5 SP1 Aug. 11, 2008 Oct. 10, 2028 6 98 25 3
148 .NET Framework 3.5 Nov. 19, 2007 July 12, 2011 6 98 25 3
149 .NET Framework 3.0 Nov. 6, 2006 July 12, 2011 5 51 9 1
150 .NET Framework 2.0 Oct. 27, 2005 July 12, 2011 4 89 25 3
151 .NET Framework 1.1 April 9, 2003 Oct. 8, 2013 0 27 10 1
152 .NET Framework 1.0 Jan. 15, 2002 July 14, 2009 0 18 8 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
141 -
9.3 		HIGH Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which a… CWE-20
 Improper Input Validation  		CVE-2011-0664 cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framework:3.5:sp1
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 10:24
2011-06-17 		Show GitHub Exploit DB Packet Storm
142 -
5.1 		MEDIUM The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2011-1271 cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framework:3.5:sp1
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 10:25
2011-05-11 		Show GitHub Exploit DB Packet Storm
143 -
9.3 		HIGH The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted X… CWE-20
 Improper Input Validation  		CVE-2010-3958 cpe:2.3:a:microsoft:.net_framework:4.0:*
cpe:2.3:a:microsoft:.net_framework:3.5:sp1
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 10:19
2011-04-14 		Show GitHub Exploit DB Packet Storm
144 -
9.3 		HIGH The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application th… CWE-94
Code Injection 		CVE-2010-3228 cpe:2.3:a:microsoft:.net_framework:4.0:* 2024-11-21 10:18
2010-10-14 		Show GitHub Exploit DB Packet Storm
145 -
6.4 		MEDIUM Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption … CWE-209
Information Exposure Through an Error Message 		CVE-2010-3332 cpe:2.3:a:microsoft:.net_framework:4.0:-
cpe:2.3:a:microsoft:.net_framework:3.5:sp1
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 10:18
2010-09-23 		Show GitHub Exploit DB Packet Storm
146 -
9.3 		HIGH The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac … CWE-94
Code Injection 		CVE-2010-1898 cpe:2.3:a:microsoft:.net_framework:3.5:sp1
cpe:2.3:a:microsoft:.net_framework:3.5:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 10:15
2010-08-12 		Show GitHub Exploit DB Packet Storm
147 -
4.3 		MEDIUM The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks… CWE-79
Cross-site Scripting 		CVE-2010-2085 cpe:2.3:a:microsoft:.net_framework:1.0:sp2
cpe:2.3:a:microsoft:.net_framework:1.0:sp1
cpe:2.3:a:microsoft:.net_fr… 		1.0 2010-05-28 13:00
2010-05-28 		Show GitHub Exploit DB Packet Storm
148 -
9.3 		HIGH Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP… CWE-189
Numeric Errors 		CVE-2009-3126 cpe:2.3:a:microsoft:.net_framework:2.0:sp2
cpe:2.3:a:microsoft:.net_framework:2.0:sp1
cpe:2.3:a:microsoft:.net_fr… 		2026-04-23 09:35
2009-10-14 		Show GitHub Exploit DB Packet Storm
149 -
9.3 		HIGH GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that tr… CWE-94
Code Injection 		CVE-2009-2528 cpe:2.3:a:microsoft:.net_framework:2.0:sp2
cpe:2.3:a:microsoft:.net_framework:2.0:sp1
cpe:2.3:a:microsoft:.net_fr… 		2026-04-23 09:35
2009-10-14 		Show GitHub Exploit DB Packet Storm
150 -
9.3 		HIGH Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server… CWE-189
Numeric Errors 		CVE-2009-2504 cpe:2.3:a:microsoft:.net_framework:2.0:sp2
cpe:2.3:a:microsoft:.net_framework:2.0:sp1
cpe:2.3:a:microsoft:.net_fr… 		2026-04-23 09:35
2009-10-14 		Show GitHub Exploit DB Packet Storm