Vulnerabilities > Microsoft > NET Framework > 2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-10 | CVE-2016-0047 | Information Exposure vulnerability in Microsoft .Net Framework WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability." | 5.0 |
2016-02-10 | CVE-2016-0033 | Code Injection vulnerability in Microsoft .Net Framework Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability." | 5.0 |
2015-11-11 | CVE-2015-6115 | Information Exposure vulnerability in Microsoft .Net Framework 2.0/3.5/3.5.1 Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass." | 4.3 |
2015-11-11 | CVE-2015-6096 | Information Exposure vulnerability in Microsoft .Net Framework The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." | 4.3 |
2015-09-09 | CVE-2015-2504 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft .Net Framework Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 improperly counts objects before performing an array copy, which allows remote attackers to (1) execute arbitrary code via a crafted XAML browser application (XBAP) or (2) bypass Code Access Security restrictions via a crafted .NET Framework application, aka ".NET Elevation of Privilege Vulnerability." | 9.3 |
2015-05-13 | CVE-2015-1673 | Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege Vulnerability." | 9.3 |
2015-05-13 | CVE-2015-1672 | Cryptographic Issues vulnerability in Microsoft .Net Framework Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service Vulnerability." <a href="https://cwe.mitre.org/data/definitions/674.html">CWE-674: Uncontrolled Recursion</a> | 5.0 |
2015-04-14 | CVE-2015-1648 | Data Processing Errors vulnerability in Microsoft .Net Framework ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability." | 2.6 |
2014-11-11 | CVE-2014-4149 | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability." | 9.3 |
2014-10-15 | CVE-2014-4122 | Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework 2.0/3.5/3.5.1 Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability." | 4.3 |