) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Microsoft Entity Framework
- Search Type: Search All
- CPE Name Search: false
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-3255 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." Published: July 12, 2016; 9:59:16 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2015-6096 |
The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." Published: November 11, 2015; 7:59:35 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2013-3860 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability." Published: October 09, 2013; 10:53:24 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
| CVE-2012-2519 |
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability." Published: November 13, 2012; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 7.9 HIGH |