Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
.NET Framework Number Of NVD 174 CRITICAL 6 HIGH 124 MEDIUM 41 LOW 3
URL https://dotnet.microsoft.com/
Explanation NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. It consists of the Common Language Runtime (CLR), an execution engine that handles running apps, and the .NET Framework class libraries, which are validated, reusable code libraries that developers can call from their own apps. The .NET Framework provides the following services to running apps

Translated and excerpted from [https://docs.microsoft.com/ja-jp/dotnet/framework/get-started/]
Tag
  • C#
  • VB.NET
Add Information URL
No Type Name URL
1 https://dotnet.microsoft.com/download/dotnet-framework
2 https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
3 https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
161 .NET Framework 6.7 6.7.2 Nov. 8, 2021 Nov. 12, 2024 0 0 0 0
162 .NET Framework 4.8 4.8.1 April 18, 2019 3 34 7 1
163 .NET Framework 4.7 4.7.2 April 5, 2017 5 50 9 1
164 .NET Framework 4.6 4.6.2 July 20, 2015 6 64 14 1
165 .NET Framework 4.5 4.5.2 Aug. 15, 2012 Jan. 12, 2016 4 61 18 1
166 .NET Framework 4.0 April 12, 2010 Jan. 12, 2016 0 44 13 1
167 .NET Framework 3.5 SP1 Aug. 11, 2008 Oct. 10, 2028 6 98 25 3
168 .NET Framework 3.5 Nov. 19, 2007 July 12, 2011 6 98 25 3
169 .NET Framework 3.0 Nov. 6, 2006 July 12, 2011 5 51 9 1
170 .NET Framework 2.0 Oct. 27, 2005 July 12, 2011 4 89 25 3
171 .NET Framework 1.1 April 9, 2003 Oct. 8, 2013 0 27 10 1
172 .NET Framework 1.0 Jan. 15, 2002 July 14, 2009 0 18 8 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
161 -
4.3 		MEDIUM Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to … CWE-79
Cross-site Scripting 		CVE-2008-3843 cpe:2.3:a:microsoft:.net_framework:2.0:*
cpe:2.3:a:microsoft:.net_framework:1.1:sp1
cpe:2.3:a:microsoft:.net_fram… 		2026-04-23 09:35
2008-08-28 		Show GitHub Exploit DB Packet Storm
162 -
9.3 		HIGH The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2007-0041 cpe:2.3:a:microsoft:.net_framework:2.0:*
cpe:2.3:a:microsoft:.net_framework:1.1:*
cpe:2.3:a:microsoft:.net_framew… 		2026-04-23 09:35
2007-07-11 		Show GitHub Exploit DB Packet Storm
163 -
7.8 		HIGH Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitiv… CWE-200
Information Exposure 		CVE-2007-0042 cpe:2.3:a:microsoft:.net_framework:2.0:*
cpe:2.3:a:microsoft:.net_framework:1.1:*
cpe:2.3:a:microsoft:.net_framew… 		2026-04-23 09:35
2007-07-11 		Show GitHub Exploit DB Packet Storm
164 -
9.3 		HIGH The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via … CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2007-0043 cpe:2.3:a:microsoft:.net_framework:2.0:*
cpe:2.3:a:microsoft:.net_framework:1.1:*
cpe:2.3:a:microsoft:.net_framew… 		2026-04-23 09:35
2007-07-11 		Show GitHub Exploit DB Packet Storm
165 -
4.3 		MEDIUM Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks… NVD-CWE-Other
CVE-2006-7192 cpe:2.3:a:microsoft:.net_framework:2.0:* 2026-04-23 09:35
2007-04-11 		Show GitHub Exploit DB Packet Storm
166 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set th… NVD-CWE-Other
CVE-2006-3436 cpe:2.3:a:microsoft:.net_framework:2.0:* 2026-04-23 09:35
2006-10-11 		Show GitHub Exploit DB Packet Storm
167 -
5.0 		MEDIUM Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that … NVD-CWE-Other
CVE-2006-1300 cpe:2.3:a:microsoft:.net_framework:2.0:* 2018-10-13 06:39
2006-07-12 		Show GitHub Exploit DB Packet Storm
168 -
4.0 		MEDIUM Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers t… NVD-CWE-Other
CVE-2006-1510 cpe:2.3:a:microsoft:.net_framework:1.1:sp1
cpe:2.3:a:microsoft:.net_framework:1.1:*
cpe:2.3:a:microsoft:.net_fram… 		2017-07-20 10:30
2006-03-30 		Show GitHub Exploit DB Packet Storm
169 -
5.1 		MEDIUM Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name. NVD-CWE-Other
CVE-2006-1511 cpe:2.3:a:microsoft:.net_framework:1.1:sp1
cpe:2.3:a:microsoft:.net_framework:1.1:*
cpe:2.3:a:microsoft:.net_fram… 		2017-07-20 10:30
2006-03-30 		Show GitHub Exploit DB Packet Storm
170 -
7.5 		HIGH Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that refe… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2005-2127 cpe:2.3:a:microsoft:.net_framework:1.1:sp3
cpe:2.3:a:microsoft:.net_framework:1.1:sp2
cpe:2.3:a:microsoft:.net_fr… 		2018-10-20 00:32
2005-08-19 		Show GitHub Exploit DB Packet Storm