CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2012-3382
https://notcve.org/view.php?id=CVE-2012-3382
12 Jul 2012 — Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función ProcessRequest en mcs/class/System.Web/System.web/HttpForbiddenHandler.cs en Mono v2.10.8 y anterio... • http://www.mandriva.com/security/advisories?name=MDVSA-2012:140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 4%CPEs: 7EXPL: 0CVE-2011-0989
https://notcve.org/view.php?id=CVE-2011-0989
13 Apr 2011 — The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct. El método RuntimeHelpers.InitializeArray de metadata/icall.c de Mono, si Moonlight 2.x anterior ... • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 8%CPEs: 7EXPL: 0CVE-2011-0990
https://notcve.org/view.php?id=CVE-2011-0990
13 Apr 2011 — Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action. Condición de carrera en la optimización de FastCopy en el m... • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 0CVE-2011-0991
https://notcve.org/view.php?id=CVE-2011-0991
13 Apr 2011 — Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance. Vulnerabilidad de uso después de la liberación en Mono cuando se usa Moonlight v2.x anteriores a v2.4.1 o v3.x anteriores a v3.99.3 , permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente ... • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2011-0992 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2011-0992
13 Apr 2011 — Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. Vulnerabilidad de tipo usar después de liberar en Mono, si Moonlight v2.x anteriores a 2.4.1 o 3.x anteriores a 3.99.3 es utilizado, permite a atacantes remotos provocar una denegación de servicio (caída o cuelgue del plugin) u obtener inf... • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4225
https://notcve.org/view.php?id=CVE-2010-4225
11 Jan 2011 — Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." Vulnerabilidad no especificada en el módulo mod_mono para XSP en Mono v2.8.x anterior a v2.8.2, permite a atacantes remotos obtener el código fuente de aplicaciones .aspx (ASP.NET) a través de vectores desconocidos relacionados con un "error de descarga". • http://osvdb.org/70312 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 66%CPEs: 7EXPL: 2CVE-2010-4254 – Mono/Moonlight Generic Type Argument - Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-4254
03 Dec 2010 — Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. Mono, cuando Moonlight en versiones anteriores a la 2.3.0.1 o 2.99.x anteriores a la 2.99.0.10 es utilizado, no valida apropiadamente los argumentos a los métodos genéricos. Lo que permite a atacantes remotos evitar las restricciones genéricas y posiblemente... • https://www.exploit-db.com/exploits/15974 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 66EXPL: 0CVE-2010-4159
https://notcve.org/view.php?id=CVE-2010-4159
17 Nov 2010 — Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en metadata/loader.c en Mono v2.8, permite a usuarios locales obtener privilegios a través de un troyano de la biblioteca compartida en el directorio de trabajo actual. • http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2010-1526 – Gentoo Linux Security Advisory 201401-01
https://notcve.org/view.php?id=CVE-2010-1526
24 Aug 2010 — Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. Multiples desbordamientos de enteros en libgdiplus v.2.6.7, como los usados en Mono, permite a... • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2010-1459
https://notcve.org/view.php?id=CVE-2010-1459
27 May 2010 — The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. La configuración por defecto de ASP.NET de Mono anterior a v2.6.4 tiene valor FALSE en la propiedad EnableViewStateMac, esto permite a atacantes remotos provocar un ataque de secuencias de comandos en sitios cruzados (XSS), ... • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •