CVSS: 9.3EPSS: 53%CPEs: 13EXPL: 0CVE-2012-0015
https://notcve.org/view.php?id=CVE-2012-0015
14 Feb 2012 — Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability." Microsoft .NET Framework v2.0 SP2 y v3.5.1 no calcula correctamente la longitud de un búfer no especificado, lo que permite a atacantes remotos ejecutar código d... • http://www.us-cert.gov/cas/techalerts/TA12-045A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 15%CPEs: 41EXPL: 0CVE-2011-1253
https://notcve.org/view.php?id=CVE-2011-1253
12 Oct 2011 — Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability." Microsoft .NET Framework v1.0 SP3, v1.1 SP1, v2.0 SP2, v3.5.1, y v4, y Silverlight v4 ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-078 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 21%CPEs: 15EXPL: 0CVE-2011-1977
https://notcve.org/view.php?id=CVE-2011-1977
10 Aug 2011 — The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability." Los controles ASP.NET Chart de Microsoft .NET Framework 4, and Chart Control para Microsoft .NET Framework 3.5 SP1, no verifican apropiadamente funciones en URIs, lo que permite a atacantes re... • http://www.us-cert.gov/cas/techalerts/TA11-221A.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 18%CPEs: 27EXPL: 0CVE-2011-1978
https://notcve.org/view.php?id=CVE-2011-1978
10 Aug 2011 — Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability." Microsoft .NET Framework v2.0 SP2, v3.5.1 y v4 no valida adecuadamente el nivel de confianza de System.Net.Socke... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-069 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 19%CPEs: 62EXPL: 0CVE-2011-0664
https://notcve.org/view.php?id=CVE-2011-0664
16 Jun 2011 — Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability." El framework Microsoft .NET 2.0 SP1 y SP2... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-039 • CWE-20: Improper Input Validation •
CVSS: 7.7EPSS: 3%CPEs: 64EXPL: 2CVE-2011-1271 – Microsoft .NET Framework JIT Compiler - Optimization NULL String Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-1271
10 May 2011 — The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework applic... • https://www.exploit-db.com/exploits/35740 • CWE-264: Permissions, Privileges, and Access Controls CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 57%CPEs: 36EXPL: 0CVE-2010-3958
https://notcve.org/view.php?id=CVE-2010-3958
13 Apr 2011 — The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability." El compilador x86 JIT de Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, y 4.0 no compila apropiadamente las llamadas a funciones, lo que perm... • http://www.us-cert.gov/cas/techalerts/TA11-102A.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 52%CPEs: 12EXPL: 0CVE-2010-3228
https://notcve.org/view.php?id=CVE-2010-3228
13 Oct 2010 — The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability." El Compilador JIT en Microsoft .NET Framework v4.0 en plataformas 64-bit no realiza adecuadamente optimizaciones, lo que permite a atacantes remotos ejecutar código de su elección a través de aplicaciones .NET manipuladas que ini... • http://www.us-cert.gov/cas/techalerts/TA10-285A.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 89%CPEs: 8EXPL: 6CVE-2010-3332 – Microsoft ASP.NET - Padding Oracle (MS10-070)
https://notcve.org/view.php?id=CVE-2010-3332
22 Sep 2010 — Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." Microsoft .NET Framework versiones 1.1 SP1, 2.0 SP1 y SP2, 3.5, 3.5 SP1, 3... • https://www.exploit-db.com/exploits/15213 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.3EPSS: 58%CPEs: 8EXPL: 0CVE-2010-3190 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2010-3190
31 Aug 2010 — Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a T... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html • CWE-426: Untrusted Search Path •