CVSS: 4.3EPSS: 17%CPEs: 5EXPL: 0CVE-2014-4062
https://notcve.org/view.php?id=CVE-2014-4062
12 Aug 2014 — Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability." Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, y 3.5.1 no implementa debidamente el mecanismo de protección ASLR, lo que permite a atacantes remotos obtener información sensible de direcciones a través de un sitio web manipulado, también conocido como... • http://www.securityfocus.com/bid/69145 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 26%CPEs: 7EXPL: 2CVE-2014-1806 – .NET Remoting Services - Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-1806
14 May 2014 — The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability." La implementación .NET Remoting en Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5 y 4.5.1 no restringe debidamente acceso a memoria, lo que permite a atacantes remotos ejecutar código arbitrario a través de vecto... • https://packetstorm.news/files/id/129165 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 18%CPEs: 7EXPL: 0CVE-2014-0253
https://notcve.org/view.php?id=CVE-2014-0253
12 Feb 2014 — Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability." Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5 y 4.5.1 no determina adecuadamente los estados de c... • http://osvdb.org/103162 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 56%CPEs: 8EXPL: 3CVE-2014-0257 – Microsoft .NET Deployment Service - IE Sandbox Escape (MS14-009)
https://notcve.org/view.php?id=CVE-2014-0257
12 Feb 2014 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability." Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5 y 4.5.1 no determina adecuadamente si es seguro ejecutar un método, lo que permite a atacant... • https://packetstorm.news/files/id/127246 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 3%CPEs: 7EXPL: 0CVE-2013-3132
https://notcve.org/view.php?id=CVE-2013-3132
10 Jul 2013 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, y 4.5, no valida adecuadamente los permisos de los objetos que usan el reflejo (reflection), lo que permite a atacant... • http://www.us-cert.gov/ncas/alerts/TA13-190A • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 20%CPEs: 54EXPL: 0CVE-2013-0001
https://notcve.org/view.php?id=CVE-2013-0001
09 Jan 2013 — The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability." El componente Windows Forms (también conocido como WinForms)de Microsoft .NET... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 58%CPEs: 54EXPL: 0CVE-2013-0002 – Microsoft .NET Framework EncoderParameters.ConvertToMemory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0002
09 Jan 2013 — Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability." Desbordamiento de búfer en el componente Windows Forms (también conocido como WinForms) de Micros... • http://www.us-cert.gov/cas/techalerts/TA13-008A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 10%CPEs: 54EXPL: 0CVE-2013-0004
https://notcve.org/view.php?id=CVE-2013-0004
09 Jan 2013 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability." Microsoft. NET Framework 1.0 Service Pack 3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4 y 4.5 no valida correctamente los permisos de los objetos en memoria, lo que permite ... • http://www.us-cert.gov/cas/techalerts/TA13-008A.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 8%CPEs: 39EXPL: 0CVE-2012-1895
https://notcve.org/view.php?id=CVE-2012-1895
14 Nov 2012 — The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability." La implementación de "reflaction" en Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, v3.5.1, y v4 no refuerza los permisos de objetos de forma adecuada, lo que permite a ... • http://secunia.com/advisories/51236 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.9EPSS: 0%CPEs: 43EXPL: 0CVE-2012-2519
https://notcve.org/view.php?id=CVE-2012-2519
14 Nov 2012 — Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability." Una vulnerabilidad de ruta de búsqueda no confiable en Entity Framework en ADO.NET en Microsoft .NET Framework v1.0 Service Pack v3. v1.1 SP1, v2.0 SP2... • http://secunia.com/advisories/51236 •