CVSS: 7.5EPSS: 38%CPEs: 6EXPL: 0CVE-2016-3255
https://notcve.org/view.php?id=CVE-2016-3255
13 Jul 2016 — Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6 y 4.6.1 permite a atacantes remotos leer archivos arbitrario a través de datos XML que contienen una declaración de entidad externa en conjunción c... • http://www.securityfocus.com/bid/91601 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 15%CPEs: 7EXPL: 0CVE-2016-0149
https://notcve.org/view.php?id=CVE-2016-0149
11 May 2016 — Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6 y 4.6.1 permite a atacantes man-in-the-middle obtener información sensible en texto plano a través de vectores que implican la inyección de datos en texto... • http://www.securityfocus.com/bid/90026 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 7%CPEs: 2EXPL: 0CVE-2016-0148 – Microsoft .NET Framework mscoreei DLL Planting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0148
12 Apr 2016 — Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework 4.6 y 4.6.1 no maneja correctamente la carga de librerías, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como ".NET Framework Remote Code Execution Vulnerability". This vulnerability allows remote attackers to execute arbitrary... • http://packetstormsecurity.com/files/136671/.NET-Framework-4.6-DLL-Hijacking.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 24%CPEs: 7EXPL: 0CVE-2016-0132
https://notcve.org/view.php?id=CVE-2016-0132
09 Mar 2016 — Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass." Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, y 4.6.1 no maneja correctamente la validación de firma para elementos no especificados de documentos XML, lo que permite a atacantes remotos suplantar firmas a través ... • http://www.securityfocus.com/bid/84075 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 17%CPEs: 6EXPL: 0CVE-2016-0033
https://notcve.org/view.php?id=CVE-2016-0033
10 Feb 2016 — Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability." Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6 y 4.6.1 no impide la compilación recursiva de transformaciones XSLT, lo que permite a atacantes remotos causar una denegación de servicio (degradación ... • http://www.securitytracker.com/id/1034983 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 30%CPEs: 6EXPL: 0CVE-2016-0047
https://notcve.org/view.php?id=CVE-2016-0047
10 Feb 2016 — WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability." WinForms en Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6 y 4.6.1 permite a atacantes remotos obtener información sensible desde la memoria de procesos a través de datos icon manipulados, también conocida como "Windows Forms Information Disclosure Vulnerability". • http://www.securitytracker.com/id/1034983 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •