| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-7270 | 5.0 |
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key gue
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-3255 | 5.0 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE
|
12-10-2018 - 22:12 | 13-07-2016 - 01:59 | |
| CVE-2016-0148 | 7.2 |
Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability."
|
12-10-2018 - 22:11 | 12-04-2016 - 23:59 | |
| CVE-2016-0132 | 10.0 |
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validatio
|
12-10-2018 - 22:11 | 09-03-2016 - 11:59 | |
| CVE-2016-0149 | 4.3 |
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/S
|
12-10-2018 - 22:11 | 11-05-2016 - 01:59 | |
| CVE-2015-6096 | 4.3 |
The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External E
|
12-10-2018 - 22:10 | 11-11-2015 - 12:59 | |
| CVE-2015-6115 | 4.3 |
Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass."
|
12-10-2018 - 22:10 | 11-11-2015 - 12:59 | |
| CVE-2015-6099 | 4.3 |
Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."
|
12-10-2018 - 22:10 | 11-11-2015 - 12:59 | |
| CVE-2016-0033 | 5.0 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Frame
|
12-10-2018 - 22:10 | 10-02-2016 - 11:59 | |
| CVE-2016-0047 | 5.0 |
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."
|
12-10-2018 - 22:10 | 10-02-2016 - 11:59 |