Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.
Max CVSS
7.5
EPSS Score
0.41%
Published
2018-01-10
Updated
2021-08-12
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.
Max CVSS
7.5
EPSS Score
0.35%
Published
2018-05-09
Updated
2018-06-14
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
Max CVSS
7.5
EPSS Score
0.29%
Published
2018-01-10
Updated
2021-08-12
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Max CVSS
5.5
EPSS Score
0.10%
Published
2018-07-11
Updated
2022-05-23
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.
Max CVSS
7.5
EPSS Score
0.11%
Published
2018-09-13
Updated
2022-10-04
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.
Max CVSS
7.5
EPSS Score
1.76%
Published
2019-01-08
Updated
2022-05-23
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
Max CVSS
5.9
EPSS Score
0.28%
Published
2019-03-05
Updated
2019-03-07
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
Max CVSS
7.5
EPSS Score
0.16%
Published
2019-05-16
Updated
2023-02-02
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.
Max CVSS
7.5
EPSS Score
0.21%
Published
2019-05-16
Updated
2019-05-22
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.
Max CVSS
7.5
EPSS Score
0.21%
Published
2019-05-16
Updated
2019-05-22
A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.
Max CVSS
7.5
EPSS Score
0.14%
Published
2019-09-11
Updated
2020-08-24
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.
Max CVSS
9.3
EPSS Score
3.66%
Published
2020-01-14
Updated
2020-01-21
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.
Max CVSS
9.3
EPSS Score
3.66%
Published
2020-01-14
Updated
2020-01-17
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
Max CVSS
7.5
EPSS Score
0.14%
Published
2020-05-21
Updated
2023-10-15
CVE-2020-1147
Known exploited
Public exploit
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
Max CVSS
7.8
EPSS Score
84.07%
Published
2020-07-14
Updated
2022-07-12
CISA KEV Added
2021-11-03
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Max CVSS
6.5
EPSS Score
0.61%
Published
2020-09-15
Updated
2022-04-22
.NET Core and Visual Studio Denial of Service Vulnerability
Max CVSS
6.5
EPSS Score
0.17%
Published
2021-02-25
Updated
2023-12-29
.NET Core Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
1.67%
Published
2021-02-25
Updated
2023-12-29
.NET Core and Visual Studio Denial of Service Vulnerability
Max CVSS
7.5
EPSS Score
0.20%
Published
2021-08-12
Updated
2023-12-28
.NET Core Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
8.07%
Published
2021-02-25
Updated
2023-12-29
.NET and Visual Studio Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.14%
Published
2021-05-11
Updated
2023-12-29
ASP.NET Denial of Service Vulnerability
Max CVSS
7.5
EPSS Score
0.20%
Published
2021-06-08
Updated
2023-08-01
.NET Core and Visual Studio Information Disclosure Vulnerability
Max CVSS
5.5
EPSS Score
0.07%
Published
2021-08-12
Updated
2023-12-28
.NET and Visual Studio Denial of Service Vulnerability
Max CVSS
7.5
EPSS Score
0.25%
Published
2022-05-10
Updated
2023-12-20
.NET and Visual Studio Denial of Service Vulnerability
Max CVSS
7.5
EPSS Score
0.18%
Published
2022-03-09
Updated
2023-06-29