Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product .net Framework
Total 180 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-55248 3 Apple, Linux, Microsoft 20 Macos, Linux Kernel, .net and 17 more 2025-10-23 N/A 4.8 MEDIUM
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVE-2020-1147 1 Microsoft 14 .net Core, .net Framework, Sharepoint Enterprise Server and 11 more 2025-10-22 6.8 MEDIUM 7.8 HIGH
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVE-2020-0646 1 Microsoft 9 .net Framework, Windows 10, Windows 7 and 6 more 2025-10-22 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.
CVE-2017-8759 1 Microsoft 11 .net Framework, Windows 10 1507, Windows 10 1511 and 8 more 2025-10-22 9.3 HIGH 7.8 HIGH
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
CVE-2015-1671 1 Microsoft 11 .net Framework, Live Meeting, Lync and 8 more 2025-10-22 9.3 HIGH 7.8 HIGH
The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
CVE-2024-29059 1 Microsoft 15 .net Framework, Windows 10 1507, Windows 10 1607 and 12 more 2025-10-21 N/A 7.5 HIGH
.NET Framework Information Disclosure Vulnerability
CVE-2025-21176 3 Apple, Linux, Microsoft 20 Macos, Linux Kernel, .net and 17 more 2025-05-06 N/A 8.8 HIGH
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2017-8585 1 Microsoft 1 .net Framework 2025-04-20 5.0 MEDIUM 7.5 HIGH
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.
CVE-2017-0248 1 Microsoft 1 .net Framework 2025-04-20 5.0 MEDIUM 7.5 HIGH
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
CVE-2017-0160 1 Microsoft 1 .net Framework 2025-04-20 7.2 HIGH 7.8 HIGH
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."
CVE-2014-4072 1 Microsoft 1 .net Framework 2025-04-12 5.0 MEDIUM N/A
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted requests, aka ".NET Framework Denial of Service Vulnerability."
CVE-2016-0132 1 Microsoft 1 .net Framework 2025-04-12 10.0 HIGH 9.8 CRITICAL
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."
CVE-2015-1673 1 Microsoft 1 .net Framework 2025-04-12 9.3 HIGH N/A
The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege Vulnerability."
CVE-2015-2479 1 Microsoft 1 .net Framework 2025-04-12 9.3 HIGH N/A
The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2480 and CVE-2015-2481.
CVE-2015-6099 1 Microsoft 1 .net Framework 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."
CVE-2015-2480 1 Microsoft 1 .net Framework 2025-04-12 9.3 HIGH N/A
The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2481.
CVE-2015-6096 1 Microsoft 1 .net Framework 2025-04-12 4.3 MEDIUM N/A
The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."
CVE-2015-2435 1 Microsoft 15 .net Framework, Live Meeting, Lync and 12 more 2025-04-12 9.3 HIGH N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
CVE-2014-4149 1 Microsoft 1 .net Framework 2025-04-12 9.3 HIGH N/A
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."
CVE-2015-2460 1 Microsoft 8 .net Framework, Windows 10, Windows 7 and 5 more 2025-04-12 9.3 HIGH N/A
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."