| .NET Framework | Number Of NVD | 174 | CRITICAL | 6 | HIGH | 124 | MEDIUM | 41 | LOW | 3 |
| URL | https://dotnet.microsoft.com/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. NET Framework is a managed execution environment for Windows that provides a variety of services to running apps. It consists of the Common Language Runtime (CLR), an execution engine that handles running apps, and the .NET Framework class libraries, which are validated, reusable code libraries that developers can call from their own apps. The .NET Framework provides the following services to running apps Translated and excerpted from [https://docs.microsoft.com/ja-jp/dotnet/framework/get-started/] |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://dotnet.microsoft.com/download/dotnet-framework | ||
| 2 | https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed | ||
| 3 | https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 71 | .NET Framework 6.7 | 6.7.2 | Nov. 8, 2021 | Nov. 12, 2024 | 0 | 0 | 0 | 0 | |||
| 72 | .NET Framework 4.8 | 4.8.1 | April 18, 2019 | 3 | 34 | 7 | 1 | ||||
| 73 | .NET Framework 4.7 | 4.7.2 | April 5, 2017 | 5 | 50 | 9 | 1 | ||||
| 74 | .NET Framework 4.6 | 4.6.2 | July 20, 2015 | 6 | 64 | 14 | 1 | ||||
| 75 | .NET Framework 4.5 | 4.5.2 | Aug. 15, 2012 | Jan. 12, 2016 | 4 | 61 | 18 | 1 | |||
| 76 | .NET Framework 4.0 | April 12, 2010 | Jan. 12, 2016 | 0 | 44 | 13 | 1 | ||||
| 77 | .NET Framework 3.5 SP1 | Aug. 11, 2008 | Oct. 10, 2028 | 6 | 98 | 25 | 3 | ||||
| 78 | .NET Framework 3.5 | Nov. 19, 2007 | July 12, 2011 | 6 | 98 | 25 | 3 | ||||
| 79 | .NET Framework 3.0 | Nov. 6, 2006 | July 12, 2011 | 5 | 51 | 9 | 1 | ||||
| 80 | .NET Framework 2.0 | Oct. 27, 2005 | July 12, 2011 | 4 | 89 | 25 | 3 | ||||
| 81 | .NET Framework 1.1 | April 9, 2003 | Oct. 8, 2013 | 0 | 27 | 10 | 1 | ||||
| 82 | .NET Framework 1.0 | Jan. 15, 2002 | July 14, 2009 | 0 | 18 | 8 | 0 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 71 |
5.9 4.3 |
MEDIUM
Network |
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext … |
CWE-200
Information Exposure |
CVE-2016-0149 |
cpe:2.3:a:microsoft:.net_framework:4.6:* cpe:2.3:a:microsoft:.net_framework:4.6.1:* cpe:2.3:a:microsoft:.net_fram… |
2024-11-21 11:41 2016-05-11 |
Show | GitHub Exploit DB Packet Storm | ||||
| 72 |
7.8 7.2 |
HIGH
Local |
Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability." |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2016-0148 |
cpe:2.3:a:microsoft:.net_framework:4.6:* cpe:2.3:a:microsoft:.net_framework:4.6.1:* |
2024-11-21 11:41 2016-04-13 |
Show | GitHub Exploit DB Packet Storm | ||||
| 73 |
8.8 9.3 |
HIGH
Network |
The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2016-0145 |
cpe:2.3:a:microsoft:.net_framework:3.5:* cpe:2.3:a:microsoft:.net_framework:3.5.1:* cpe:2.3:a:microsoft:.net_fram… |
2024-11-21 11:41 2016-04-13 |
Show | GitHub Exploit DB Packet Storm | ||||
| 74 |
9.8 10.0 |
CRITICAL
Network |
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatur… |
CWE-20
Improper Input Validation |
CVE-2016-0132 |
cpe:2.3:a:microsoft:.net_framework:4.6:* cpe:2.3:a:microsoft:.net_framework:4.6.1:* cpe:2.3:a:microsoft:.net_fram… |
2024-11-21 11:41 2016-03-9 |
Show | GitHub Exploit DB Packet Storm | ||||
| 75 |
7.5 5.0 |
HIGH
Network |
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms I… |
CWE-200
Information Exposure |
CVE-2016-0047 |
cpe:2.3:a:microsoft:.net_framework:4.6:* cpe:2.3:a:microsoft:.net_framework:4.6.1:* cpe:2.3:a:microsoft:.net_fram… |
2024-11-21 11:40 2016-02-10 |
Show | GitHub Exploit DB Packet Storm | ||||
| 76 |
7.5 5.0 |
HIGH
Network |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance … |
CWE-94
Code Injection |
CVE-2016-0033 |
cpe:2.3:a:microsoft:.net_framework:4.6:* cpe:2.3:a:microsoft:.net_framework:4.6.1:* cpe:2.3:a:microsoft:.net_fram… |
2024-11-21 11:40 2016-02-10 |
Show | GitHub Exploit DB Packet Storm | ||||
| 77 |
- 9.3 |
HIGH | The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 20… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2015-6108 |
cpe:2.3:a:microsoft:.net_framework:4.6:* cpe:2.3:a:microsoft:.net_framework:4.5:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 11:34 2015-12-9 |
Show | GitHub Exploit DB Packet Storm | ||||
| 78 |
- 4.3 |
MEDIUM | Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass." |
CWE-200
Information Exposure |
CVE-2015-6115 |
cpe:2.3:a:microsoft:.net_framework:3.5:* cpe:2.3:a:microsoft:.net_framework:3.5.1:* cpe:2.3:a:microsoft:.net_fram… |
2024-11-21 11:34 2015-11-11 |
Show | GitHub Exploit DB Packet Storm | ||||
| 79 |
- 4.3 |
MEDIUM | Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka "… |
CWE-79
Cross-site Scripting |
CVE-2015-6099 |
cpe:2.3:a:microsoft:.net_framework:4.6:* cpe:2.3:a:microsoft:.net_framework:4.5:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 11:34 2015-11-11 |
Show | GitHub Exploit DB Packet Storm | ||||
| 80 |
- 4.3 |
MEDIUM | The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction wit… |
CWE-200
Information Exposure |
CVE-2015-6096 |
cpe:2.3:a:microsoft:.net_framework:4.6:* cpe:2.3:a:microsoft:.net_framework:4.5:* cpe:2.3:a:microsoft:.net_framew… |
2024-11-21 11:34 2015-11-11 |
Show | GitHub Exploit DB Packet Storm |