Vulnerabilities > Microsoft > NET Framework > 2.0

DATE CVE VULNERABILITY TITLE RISK
2017-05-12 CVE-2017-0248 Improper Certificate Validation vulnerability in Microsoft .Net Framework
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
network
low complexity
microsoft CWE-295
7.5
2017-04-12 CVE-2017-0160 Unspecified vulnerability in Microsoft .Net Framework
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."
local
low complexity
microsoft
7.8
2016-07-13 CVE-2016-3255 Unspecified vulnerability in Microsoft .Net Framework
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."
network
low complexity
microsoft
7.5
2016-05-11 CVE-2016-0149 Information Exposure vulnerability in Microsoft .Net Framework
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
5.9
2016-03-09 CVE-2016-0132 Improper Input Validation vulnerability in Microsoft .Net Framework
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."
network
low complexity
microsoft CWE-20
critical
9.8
2016-02-10 CVE-2016-0047 Information Exposure vulnerability in Microsoft .Net Framework
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
7.5
2016-02-10 CVE-2016-0033 Code Injection vulnerability in Microsoft .Net Framework
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability."
network
low complexity
microsoft CWE-94
7.5