CVSS: 5.8EPSS: 2%CPEs: 7EXPL: 0CVE-2011-0992
https://notcve.org/view.php?id=CVE-2011-0992
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. Vulnerabilidad de tipo usar después de liberar en Mono, si Moonlight v2.x anteriores a 2.4.1 o 3.x anteriores a 3.99.3 es utilizado, permite a atacantes remotos provocar una denegación de servicio (caída o cuelgue del plugin) u obtener información confidencial a través de datos miembros de una instancia "resurrected MonoThread". • http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html http://openwall.com/lists/oss-security/2011/04/06/14 http://secunia.com/advisories/44002 http://secunia.com/advisories/44076 http://www.mono-project.com/Vulnerabilities http://www.securityfocus.com/bid/47208 http://www.vupen.com/english/advisories/2011/0904 https://bugzilla.novell.com/show_bug.cgi?id=667077 https://bugzilla.novell.com/show_bug.cgi?id=678515 https://bugzilla.redhat.com/show_bug.cgi?id=6949 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4225
https://notcve.org/view.php?id=CVE-2010-4225
Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." Vulnerabilidad no especificada en el módulo mod_mono para XSP en Mono v2.8.x anterior a v2.8.2, permite a atacantes remotos obtener el código fuente de aplicaciones .aspx (ASP.NET) a través de vectores desconocidos relacionados con un "error de descarga". • http://osvdb.org/70312 http://secunia.com/advisories/42842 http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure http://www.securityfocus.com/bid/45711 http://www.vupen.com/english/advisories/2011/0051 https://exchange.xforce.ibmcloud.com/vulnerabilities/64532 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 34%CPEs: 7EXPL: 2CVE-2010-4254 – Mono/Moonlight Generic Type Argument - Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-4254
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. Mono, cuando Moonlight en versiones anteriores a la 2.3.0.1 o 2.99.x anteriores a la 2.99.0.10 es utilizado, no valida apropiadamente los argumentos a los métodos genéricos. Lo que permite a atacantes remotos evitar las restricciones genéricas y posiblemente ejecutar código arbitrario a través de una llamada a un método modificado. Mono/Moonlight suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/15974 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://secunia.com/advisories/42373 http://secunia.com/advisories/42877 http://www.exploit-db.com/exploits/15974 http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability http://www.securityfocus.com/bid/45051 http://www.vupen.com/english/advisories/2011/0076 https:/ • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 66EXPL: 0CVE-2010-4159
https://notcve.org/view.php?id=CVE-2010-4159
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en metadata/loader.c en Mono v2.8, permite a usuarios locales obtener privilegios a través de un troyano de la biblioteca compartida en el directorio de trabajo actual. • http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html http://marc.info/?l=oss-security&m=128939873515821&w=2 http://marc.info/?l=oss-security&m=128939912716499&w=2 http://marc.info/?l=oss-security&m=128941802415318&w=2 http://secunia.com/advisories/42174 http://www.mandriva.com/security/advisories?name=MDVSA-2010:240 http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading http://www.securityfocus.com/bid/44810 http://www.vupe •
CVSS: 4.3EPSS: 0%CPEs: 62EXPL: 0CVE-2010-1459
https://notcve.org/view.php?id=CVE-2010-1459
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. La configuración por defecto de ASP.NET de Mono anterior a v2.6.4 tiene valor FALSE en la propiedad EnableViewStateMac, esto permite a atacantes remotos provocar un ataque de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado con el parámetro __VIEWSTATE en 2.0/menu/menu1.aspx en el XSP sample project. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting http://www.securityfocus.com/bid/40351 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •