The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of .NET Framework

computer vulnerability CVE-2018-8360

Microsoft .NET: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Microsoft .NET, in order to obtain sensitive information.
Impacted products: .NET Framework.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 16/08/2018.
Identifiers: CERTFR-2018-AVI-398, CVE-2018-8360, VIGILANCE-VUL-26985.

Description of the vulnerability

The Microsoft .NET product offers a web service.

However, an attacker can bypass access restrictions to data.

An attacker can therefore use a vulnerability of Microsoft .NET, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-8171 CVE-2018-8202 CVE-2018-8260

Microsoft .NET: vulnerabilities of July 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: .NET Framework.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 11/07/2018.
Identifiers: 6, CERTFR-2018-AVI-337, CVE-2018-8171, CVE-2018-8202, CVE-2018-8260, CVE-2018-8284, CVE-2018-8356, VIGILANCE-VUL-26677.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-0765 CVE-2018-1039

Microsoft .NET: vulnerabilities of May 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: .NET Framework.
Severity: 3/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/05/2018.
Identifiers: 1514, CERTFR-2018-AVI-222, CVE-2018-0765, CVE-2018-1039, VIGILANCE-VUL-26059.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-0764 CVE-2018-0784 CVE-2018-0785

Microsoft .NET: vulnerabilities of January 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: .NET Framework, Windows PowerShell.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/01/2018.
Revision date: 29/01/2018.
Identifiers: CERTFR-2018-AVI-023, CVE-2018-0764, CVE-2018-0784, CVE-2018-0785, CVE-2018-0786, VIGILANCE-VUL-24991.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-8759

Microsoft .NET Framework: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Microsoft .NET Framework, in order to run code.
Impacted products: .NET Framework.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 13/09/2017.
Identifiers: CERTFR-2017-AVI-296, CVE-2017-8759, VIGILANCE-VUL-23822, VU#101048.

Description of the vulnerability

An attacker can use a vulnerability of Microsoft .NET Framework, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-8585

Microsoft .NET Framework: vulnerabilities of July 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft .NET Framework.
Impacted products: .NET Framework.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 12/07/2017.
Identifiers: CERTFR-2017-AVI-210, CVE-2017-8585, VIGILANCE-VUL-23201.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-0248

Microsoft .NET: privilege escalation via Enhanced Key Usage

Synthesis of the vulnerability

An attacker can bypass restrictions via Enhanced Key Usage of Microsoft .NET, in order to escalate his privileges.
Impacted products: .NET Framework.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 10/05/2017.
Identifiers: CERTFR-2017-AVI-146, CVE-2017-0248, VIGILANCE-VUL-22683.

Description of the vulnerability

An attacker can bypass restrictions via Enhanced Key Usage of Microsoft .NET, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-0160

Microsoft .NET: vulnerabilities of April 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: .NET Framework.
Severity: 4/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Creation date: 12/04/2017.
Revision date: 19/04/2017.
Identifiers: 1081, CERTFR-2017-AVI-110, CVE-2017-0160, VIGILANCE-VUL-22416.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability note 21544

Microsoft .NET: privilege escalation via Microsoft.IdentityModel.Tokens

Synthesis of the vulnerability

An attacker can bypass restrictions via Microsoft.IdentityModel.Tokens of Microsoft .NET, in order to escalate his privileges.
Impacted products: .NET Framework.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 11/01/2017.
Identifiers: 3214296, VIGILANCE-VUL-21544.

Description of the vulnerability

An attacker can bypass restrictions via Microsoft.IdentityModel.Tokens of Microsoft .NET, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-7270

Microsoft .NET: information disclosure via SQL Server Always Encrypted

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SQL Server Always Encrypted of Microsoft .NET, in order to obtain sensitive information.
Impacted products: .NET Framework, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 14/12/2016.
Identifiers: 3205640, CERTFR-2016-AVI-417, CVE-2016-7270, MS16-155, VIGILANCE-VUL-21378.

Description of the vulnerability

An attacker can bypass access restrictions to data via SQL Server Always Encrypted of Microsoft .NET, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about .NET Framework: