| .NET Framework | Number Of NVD | 174 | CRITICAL | 6 | HIGH | 124 | MEDIUM | 41 | LOW | 3 |
| URL | https://dotnet.microsoft.com/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. It consists of the Common Language Runtime (CLR), an execution engine that handles running apps, and the .NET Framework class libraries, which are validated, reusable code libraries that developers can call from their own apps. The .NET Framework provides the following services to running apps Translated and excerpted from [https://docs.microsoft.com/ja-jp/dotnet/framework/get-started/] |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://dotnet.microsoft.com/download/dotnet-framework | ||
| 2 | https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed | ||
| 3 | https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 41 | .NET Framework 6.7 | 6.7.2 | Nov. 8, 2021 | Nov. 12, 2024 | 0 | 0 | 0 | 0 | |||
| 42 | .NET Framework 4.8 | 4.8.1 | April 18, 2019 | 3 | 34 | 7 | 1 | ||||
| 43 | .NET Framework 4.7 | 4.7.2 | April 5, 2017 | 5 | 50 | 9 | 1 | ||||
| 44 | .NET Framework 4.6 | 4.6.2 | July 20, 2015 | 6 | 64 | 14 | 1 | ||||
| 45 | .NET Framework 4.5 | 4.5.2 | Aug. 15, 2012 | Jan. 12, 2016 | 4 | 61 | 18 | 1 | |||
| 46 | .NET Framework 4.0 | April 12, 2010 | Jan. 12, 2016 | 0 | 44 | 13 | 1 | ||||
| 47 | .NET Framework 3.5 SP1 | Aug. 11, 2008 | Oct. 10, 2028 | 6 | 98 | 25 | 3 | ||||
| 48 | .NET Framework 3.5 | Nov. 19, 2007 | July 12, 2011 | 6 | 98 | 25 | 3 | ||||
| 49 | .NET Framework 3.0 | Nov. 6, 2006 | July 12, 2011 | 5 | 51 | 9 | 1 | ||||
| 50 | .NET Framework 2.0 | Oct. 27, 2005 | July 12, 2011 | 4 | 89 | 25 | 3 | ||||
| 51 | .NET Framework 1.1 | April 9, 2003 | Oct. 8, 2013 | 0 | 27 | 10 | 1 | ||||
| 52 | .NET Framework 1.0 | Jan. 15, 2002 | July 14, 2009 | 0 | 18 | 8 | 0 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 41 |
8.8 6.8 |
HIGH
Network |
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary… |
CWE-20
Improper Input Validation |
CVE-2019-1113 |
cpe:2.3:a:microsoft:.net_framework:4.8:* cpe:2.3:a:microsoft:.net_framework:4.8:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 13:36 2019-07-16 |
Show | GitHub Exploit DB Packet Storm | ||||
| 42 |
7.5 5.0 |
HIGH
Network |
A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'. |
CWE-19
Data Processing Errors |
CVE-2019-1083 |
cpe:2.3:a:microsoft:.net_framework:4.8:* cpe:2.3:a:microsoft:.net_framework:4.8:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 13:35 2019-07-16 |
Show | GitHub Exploit DB Packet Storm | ||||
| 43 |
7.5 5.0 |
HIGH
Network |
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/… |
CWE-295
Improper Certificate Validation |
CVE-2019-1006 |
cpe:2.3:a:microsoft:.net_framework:4.8:* cpe:2.3:a:microsoft:.net_framework:4.8:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 13:35 2019-07-16 |
Show | GitHub Exploit DB Packet Storm | ||||
| 44 |
7.5 5.0 |
HIGH
Network |
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique fro… |
CWE-19
Data Processing Errors |
CVE-2019-0981 |
cpe:2.3:a:microsoft:.net_framework:4.8:* cpe:2.3:a:microsoft:.net_framework:4.7:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 13:17 2019-05-17 |
Show | GitHub Exploit DB Packet Storm | ||||
| 45 |
7.5 5.0 |
HIGH
Network |
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique fro… |
CWE-19
Data Processing Errors |
CVE-2019-0980 |
cpe:2.3:a:microsoft:.net_framework:4.8:* cpe:2.3:a:microsoft:.net_framework:4.7:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 13:17 2019-05-17 |
Show | GitHub Exploit DB Packet Storm | ||||
| 46 |
5.5 2.1 |
MEDIUM
Local |
A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory, aka '.NET Framework Denial of Service Vulnerability'. |
NVD-CWE-noinfo
|
CVE-2019-0864 |
cpe:2.3:a:microsoft:.net_framework:4.8:* cpe:2.3:a:microsoft:.net_framework:4.7:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 13:17 2019-05-17 |
Show | GitHub Exploit DB Packet Storm | ||||
| 47 |
7.5 5.0 |
HIGH
Network |
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique … |
CWE-400
Uncontrolled Resource Consumption |
CVE-2019-0820 |
cpe:2.3:a:microsoft:.net_framework:4.8:* cpe:2.3:a:microsoft:.net_framework:4.7:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 13:17 2019-05-17 |
Show | GitHub Exploit DB Packet Storm | ||||
| 48 |
6.5 4.0 |
MEDIUM
Network |
GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. |
CWE-22
Path Traversal |
CVE-2019-11397 | cpe:2.3:a:microsoft:.net_framework:4.5:* |
2024-11-21 13:21 2019-05-15 |
Show | GitHub Exploit DB Packet Storm | ||||
| 49 |
5.9 4.3 |
MEDIUM
Network |
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. |
CWE-20
Improper Input Validation |
CVE-2019-0657 |
cpe:2.3:a:microsoft:.net_framework:4.7:* cpe:2.3:a:microsoft:.net_framework:4.7:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 13:17 2019-03-6 |
Show | GitHub Exploit DB Packet Storm | ||||
| 50 |
8.8 9.3 |
HIGH
Network |
A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulne… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2019-0613 |
cpe:2.3:a:microsoft:.net_framework:4.7:* cpe:2.3:a:microsoft:.net_framework:4.7:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 13:16 2019-03-6 |
Show | GitHub Exploit DB Packet Storm |