Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product .net Framework
Total 179 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0041 1 Microsoft 5 .net Framework, Windows 2000, Windows 2003 Server and 2 more 2025-04-09 9.3 HIGH N/A
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
CVE-2008-3842 1 Microsoft 5 .net Framework, Windows-nt, Windows 2000 and 2 more 2025-04-09 4.3 MEDIUM N/A
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.
CVE-2009-3126 1 Microsoft 27 .net Framework, Excel Viewer, Expression Web and 24 more 2025-04-09 9.3 HIGH N/A
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
CVE-2009-2497 1 Microsoft 7 .net Framework, Windows 2000, Windows 7 and 4 more 2025-04-09 9.3 HIGH N/A
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
CVE-2009-0091 1 Microsoft 7 .net Framework, Windows 2000, Windows 7 and 4 more 2025-04-09 9.3 HIGH N/A
Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
CVE-2020-0646 1 Microsoft 9 .net Framework, Windows 10, Windows 7 and 6 more 2025-04-04 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.
CVE-2006-1511 1 Microsoft 1 .net Framework 2025-04-03 5.1 MEDIUM N/A
Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name.
CVE-2004-0200 1 Microsoft 24 .net Framework, Digital Image Pro, Digital Image Suite and 21 more 2025-04-03 9.3 HIGH N/A
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
CVE-2006-1510 1 Microsoft 1 .net Framework 2025-04-03 4.0 MEDIUM N/A
Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method.
CVE-2002-0409 1 Microsoft 1 .net Framework 2025-04-03 5.0 MEDIUM N/A
orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter.
CVE-2005-2127 2 Ati, Microsoft 6 Catalyst Driver, .net Framework, Office and 3 more 2025-04-03 7.5 HIGH N/A
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
CVE-2005-0509 2 Microsoft, Mono 2 .net Framework, Mono 2025-04-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
CVE-2006-1300 1 Microsoft 1 .net Framework 2025-04-03 5.0 MEDIUM N/A
Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
CVE-2002-0369 1 Microsoft 1 .net Framework 2025-04-03 10.0 HIGH N/A
Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.
CVE-2024-43484 3 Apple, Linux, Microsoft 21 Macos, Linux Kernel, .net and 18 more 2025-03-28 N/A 7.5 HIGH
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2020-1147 1 Microsoft 14 .net Core, .net Framework, Sharepoint Enterprise Server and 11 more 2025-02-11 6.8 MEDIUM 7.8 HIGH
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVE-2024-29059 1 Microsoft 15 .net Framework, Windows 10 1507, Windows 10 1607 and 12 more 2025-02-05 N/A 7.5 HIGH
.NET Framework Information Disclosure Vulnerability
CVE-2024-21409 1 Microsoft 16 .net, .net Framework, Powershell and 13 more 2025-01-17 N/A 7.3 HIGH
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2022-41089 1 Microsoft 11 .net Framework, Windows 10, Windows 11 and 8 more 2025-01-02 N/A 7.8 HIGH
.NET Framework Remote Code Execution Vulnerability
CVE-2022-41064 1 Microsoft 12 .net Framework, Nuget, Windows 10 and 9 more 2025-01-02 N/A 5.8 MEDIUM
.NET Framework Information Disclosure Vulnerability