Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
.NET Framework Number Of NVD 174 CRITICAL 6 HIGH 124 MEDIUM 41 LOW 3
URL https://dotnet.microsoft.com/
Explanation NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. It consists of the Common Language Runtime (CLR), an execution engine that handles running apps, and the .NET Framework class libraries, which are validated, reusable code libraries that developers can call from their own apps. The .NET Framework provides the following services to running apps

Translated and excerpted from [https://docs.microsoft.com/ja-jp/dotnet/framework/get-started/]
Tag
  • C#
  • VB.NET
Add Information URL
No Type Name URL
1 https://dotnet.microsoft.com/download/dotnet-framework
2 https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
3 https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
61 .NET Framework 6.7 6.7.2 Nov. 8, 2021 Nov. 12, 2024 0 0 0 0
62 .NET Framework 4.8 4.8.1 April 18, 2019 3 34 7 1
63 .NET Framework 4.7 4.7.2 April 5, 2017 5 50 9 1
64 .NET Framework 4.6 4.6.2 July 20, 2015 6 64 14 1
65 .NET Framework 4.5 4.5.2 Aug. 15, 2012 Jan. 12, 2016 4 61 18 1
66 .NET Framework 4.0 April 12, 2010 Jan. 12, 2016 0 44 13 1
67 .NET Framework 3.5 SP1 Aug. 11, 2008 Oct. 10, 2028 6 98 25 3
68 .NET Framework 3.5 Nov. 19, 2007 July 12, 2011 6 98 25 3
69 .NET Framework 3.0 Nov. 6, 2006 July 12, 2011 5 51 9 1
70 .NET Framework 2.0 Oct. 27, 2005 July 12, 2011 4 89 25 3
71 .NET Framework 1.1 April 9, 2003 Oct. 8, 2013 0 27 10 1
72 .NET Framework 1.0 Jan. 15, 2002 July 14, 2009 0 18 8 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
61 7.5
5.0 		HIGH
Network 		A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0,… CWE-611
XXE 		CVE-2018-0765 cpe:2.3:a:microsoft:.net_framework:4.7:*
cpe:2.3:a:microsoft:.net_framework:4.7:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 12:38
2018-05-10 		Show GitHub Exploit DB Packet Storm
62 7.5
5.0 		HIGH
Network 		Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the … CWE-295
Improper Certificate Validation  		CVE-2018-0786 cpe:2.3:a:microsoft:.net_framework:4.7:*
cpe:2.3:a:microsoft:.net_framework:4.7:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 12:38
2018-01-10 		Show GitHub Exploit DB Packet Storm
63 7.5
5.0 		HIGH
Network 		Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents… NVD-CWE-noinfo
CVE-2018-0764 cpe:2.3:a:microsoft:.net_framework:4.7:*
cpe:2.3:a:microsoft:.net_framework:4.7:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 12:38
2018-01-10 		Show GitHub Exploit DB Packet Storm
64 7.8
9.3 		HIGH
Local 		Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Executio… NVD-CWE-noinfo
CWE-94
Code Injection 		CVE-2017-8759 cpe:2.3:a:microsoft:.net_framework:4.7:*
cpe:2.3:a:microsoft:.net_framework:4.7:*
cpe:2.3:a:microsoft:.net_framew… 		2026-04-22 22:48
2017-09-13 		Show GitHub Exploit DB Packet Storm
65 7.5
5.0 		HIGH
Network 		Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerab… CWE-20
 Improper Input Validation  		CVE-2017-8585 cpe:2.3:a:microsoft:.net_framework:4.7:*
cpe:2.3:a:microsoft:.net_framework:4.6:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 12:34
2017-07-12 		Show GitHub Exploit DB Packet Storm
66 7.5
5.0 		HIGH
Network 		Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific … CWE-295
Improper Certificate Validation  		CVE-2017-0248 cpe:2.3:a:microsoft:.net_framework:4.7:*
cpe:2.3:a:microsoft:.net_framework:4.6:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 12:02
2017-05-12 		Show GitHub Exploit DB Packet Storm
67 7.8
7.2 		HIGH
Local 		Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability." NVD-CWE-noinfo
CVE-2017-0160 cpe:2.3:a:microsoft:.net_framework:4.7:*
cpe:2.3:a:microsoft:.net_framework:4.6:*
cpe:2.3:a:microsoft:.net_framew… 		2024-11-21 12:02
2017-04-12 		Show GitHub Exploit DB Packet Storm
68 7.5
5.0 		HIGH
Network 		The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain se… CWE-310
Cryptographic Issues 		CVE-2016-7270 cpe:2.3:a:microsoft:.net_framework:4.6.2:* 2024-11-21 11:57
2016-12-20 		Show GitHub Exploit DB Packet Storm
69 5.5
5.0 		MEDIUM
Local 		Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10… CWE-200
Information Exposure 		CVE-2016-3209 cpe:2.3:a:microsoft:.net_framework:4.6:*
cpe:2.3:a:microsoft:.net_framework:4.5.2:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:49
2016-10-14 		Show GitHub Exploit DB Packet Storm
70 7.5
5.0 		HIGH
Network 		Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entit… CWE-200
NVD-CWE-Other
Information Exposure 		CVE-2016-3255 cpe:2.3:a:microsoft:.net_framework:4.6:*
cpe:2.3:a:microsoft:.net_framework:4.6.1:*
cpe:2.3:a:microsoft:.net_fram… 		2024-11-21 11:49
2016-07-13 		Show GitHub Exploit DB Packet Storm