CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2011-0992 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2011-0992
13 Apr 2011 — Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. Vulnerabilidad de tipo usar después de liberar en Mono, si Moonlight v2.x anteriores a 2.4.1 o 3.x anteriores a 3.99.3 es utilizado, permite a atacantes remotos provocar una denegación de servicio (caída o cuelgue del plugin) u obtener inf... • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4225
https://notcve.org/view.php?id=CVE-2010-4225
11 Jan 2011 — Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." Vulnerabilidad no especificada en el módulo mod_mono para XSP en Mono v2.8.x anterior a v2.8.2, permite a atacantes remotos obtener el código fuente de aplicaciones .aspx (ASP.NET) a través de vectores desconocidos relacionados con un "error de descarga". • http://osvdb.org/70312 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 19%CPEs: 7EXPL: 2CVE-2010-4254 – Mono/Moonlight Generic Type Argument - Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-4254
03 Dec 2010 — Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. Mono, cuando Moonlight en versiones anteriores a la 2.3.0.1 o 2.99.x anteriores a la 2.99.0.10 es utilizado, no valida apropiadamente los argumentos a los métodos genéricos. Lo que permite a atacantes remotos evitar las restricciones genéricas y posiblemente... • https://www.exploit-db.com/exploits/15974 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 66EXPL: 0CVE-2010-4159
https://notcve.org/view.php?id=CVE-2010-4159
17 Nov 2010 — Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en metadata/loader.c en Mono v2.8, permite a usuarios locales obtener privilegios a través de un troyano de la biblioteca compartida en el directorio de trabajo actual. • http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2010-1459
https://notcve.org/view.php?id=CVE-2010-1459
27 May 2010 — The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. La configuración por defecto de ASP.NET de Mono anterior a v2.6.4 tiene valor FALSE en la propiedad EnableViewStateMac, esto permite a atacantes remotos provocar un ataque de secuencias de comandos en sitios cruzados (XSS), ... • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 35%CPEs: 93EXPL: 0CVE-2009-0217 – xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
https://notcve.org/view.php?id=CVE-2009-0217
14 Jul 2009 — The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.... • http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161 •
CVSS: 6.1EPSS: 9%CPEs: 20EXPL: 2CVE-2008-3906 – Mono 2.0 - 'System.Web' HTTP Header Injection
https://notcve.org/view.php?id=CVE-2008-3906
04 Sep 2008 — CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. Vulnerabilidad de inyección CRLF en Sys.Web en Mono 2.0 y anteriores, permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de división de respuesta HTTP mediante secuencias CRLF en la cadena de consulta(query). • https://www.exploit-db.com/exploits/32303 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2008-3422
https://notcve.org/view.php?id=CVE-2008-3422
31 Jul 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). Múltiples vulnerabilidades de Secuencias de comandos en sitios cruzados (XSS) de las librerías de cla... • http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 48EXPL: 0CVE-2007-5197
https://notcve.org/view.php?id=CVE-2007-5197
02 Nov 2007 — Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. El desbordamiento de búfer en la clase Mono.Math.BigInteger en Mono versión 1.2.5.1 y anteriores permite que los atacantes dependiendo del contexto ejecutar código arbitrario por medio de vectores no específicos relacionados a Reduce en métodos Pow basados en Montgomery. • http://bugs.gentoo.org/attachment.cgi?id=134361&action=view • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5473
https://notcve.org/view.php?id=CVE-2007-5473
18 Oct 2007 — StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP. StaticFileHandler.cs en System.Web de Mono anterior a 1.2.5.2, al ser ejecutado en Windows, permite a atacantes remotos obtener el código fuente de ficheros sensibles mediante una petición que contiene (1) un espacio o (2) un punto de seguimiento, que no es manejado ... • http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •