CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26314
https://notcve.org/view.php?id=CVE-2023-26314
22 Feb 2023 — The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. • https://bugs.debian.org/972146 •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2019-0757 – dotnet: NuGet Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-0757
13 Mar 2019 — A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Existe una vulnerabilidad de manipulación en NuGet Package Manager para Linux y Mac que podría permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, también conocida como 'NuGet Package Manager Tampering Vulnerability'. A flaw was found in dotnet.... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2318 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2318
23 Mar 2015 — The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. La pila TLS en Mono en versiones anteriores a la 3.12.1 permite que los atacantes Man-in-the-Middle (MitM) realicen ataques de salto de mensajes y que puedan suplantar clientes aprovechándose de la falta de validación del estado de los "handshakes". Esta vulnerabilidad también se conoce ... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2319 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2319
23 Mar 2015 — The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. La pila TLS en Mono en versiones anteriores a la 3.12.1 hace que sea más fácil para los atacantes remotos realizar ataques de degradación de cifrado para los cifrados EXPORT_RSA a través de tráfico TLS manipulado. Esta vulnerabilidad está relacionada con el problema "FREAK", una ... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-2320 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2320
23 Mar 2015 — The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. La pila TLS en Mono en versiones anteriores a la 3.12.1 permite que los atacantes remotos provoquen un impacto sin especificar mediante vectores relacionados con el fallback SSLv2 del lado del cliente. It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersona... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2012-3543 – Gentoo Linux Security Advisory 201405-16
https://notcve.org/view.php?id=CVE-2012-3543
19 May 2014 — mono 2.10.x ASP.NET Web Form Hash collision DoS mono versión 2.10.x, ASP.NET Web Form realiza un Hash de una DoS de colisión. It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle could possibly use this issue to force the use of insecure cipher... • http://www.openwall.com/lists/oss-security/2012/08/28/14 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2012-3382
https://notcve.org/view.php?id=CVE-2012-3382
12 Jul 2012 — Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función ProcessRequest en mcs/class/System.Web/System.web/HttpForbiddenHandler.cs en Mono v2.10.8 y anterio... • http://www.mandriva.com/security/advisories?name=MDVSA-2012:140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 4%CPEs: 7EXPL: 0CVE-2011-0989
https://notcve.org/view.php?id=CVE-2011-0989
13 Apr 2011 — The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct. El método RuntimeHelpers.InitializeArray de metadata/icall.c de Mono, si Moonlight 2.x anterior ... • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 8%CPEs: 7EXPL: 0CVE-2011-0990
https://notcve.org/view.php?id=CVE-2011-0990
13 Apr 2011 — Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action. Condición de carrera en la optimización de FastCopy en el m... • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 0CVE-2011-0991
https://notcve.org/view.php?id=CVE-2011-0991
13 Apr 2011 — Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance. Vulnerabilidad de uso después de la liberación en Mono cuando se usa Moonlight v2.x anteriores a v2.4.1 o v3.x anteriores a v3.99.3 , permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente ... • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html • CWE-399: Resource Management Errors •