CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26314
https://notcve.org/view.php?id=CVE-2023-26314
22 Feb 2023 — The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. • https://bugs.debian.org/972146 •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 1CVE-2020-12470
https://notcve.org/view.php?id=CVE-2020-12470
29 Apr 2020 — MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. MonoX versiones anteriores a la versión 5.1.40.5152, permite a administradores ejecutar código arbitrario al modificar una plantilla ASPX. • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Privilege%20Escalation%20via%20Template%20Modification • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2020-12471
https://notcve.org/view.php?id=CVE-2020-12471
29 Apr 2020 — MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. MonoX versiones anteriores a 5.1.40.5152, permite una ejecución de código remota por medio de los archivos HTML5Upload.ashx o Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx debido a una deserialización en ModuleGallery.HTML5Upload, ModuleG... • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Remote%20Code%20Execution%20via%20Insecure%20Deserialization • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-12472
https://notcve.org/view.php?id=CVE-2020-12472
29 Apr 2020 — MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. MonoX versiones anteriores a 5.1.40.5152, permite un ataque de tipo XSS almacenado por medio de User Status, Blog Comments, o Blog Description. • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Multiple%20Cross-Site-Scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-12473
https://notcve.org/view.php?id=CVE-2020-12473
29 Apr 2020 — MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. MonoX versiones anteriores a la versión 5.1.40.5152, permite a los administradores ejecutar programas arbitrarios al reconfigurar el ajuste de Converter Executable del archivo ffmpeg.exe a un programa diferente. • https://github.com/belong2yourself/vulnerabilities/tree/master/MonoX%20CMS/Privilege%20Escalation%20via%20ConvertVideo •
CVSS: 7.8EPSS: 4%CPEs: 26EXPL: 0CVE-2019-0757 – dotnet: NuGet Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-0757
13 Mar 2019 — A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Existe una vulnerabilidad de manipulación en NuGet Package Manager para Linux y Mac que podría permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, también conocida como 'NuGet Package Manager Tampering Vulnerability'. A flaw was found in dotnet.... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 0CVE-2015-2318 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2318
23 Mar 2015 — The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. La pila TLS en Mono en versiones anteriores a la 3.12.1 permite que los atacantes Man-in-the-Middle (MitM) realicen ataques de salto de mensajes y que puedan suplantar clientes aprovechándose de la falta de validación del estado de los "handshakes". Esta vulnerabilidad también se conoce ... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2319 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2319
23 Mar 2015 — The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. La pila TLS en Mono en versiones anteriores a la 3.12.1 hace que sea más fácil para los atacantes remotos realizar ataques de degradación de cifrado para los cifrados EXPORT_RSA a través de tráfico TLS manipulado. Esta vulnerabilidad está relacionada con el problema "FREAK", una ... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0CVE-2015-2320 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2320
23 Mar 2015 — The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. La pila TLS en Mono en versiones anteriores a la 3.12.1 permite que los atacantes remotos provoquen un impacto sin especificar mediante vectores relacionados con el fallback SSLv2 del lado del cliente. It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersona... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 1CVE-2012-3543 – Gentoo Linux Security Advisory 201405-16
https://notcve.org/view.php?id=CVE-2012-3543
19 May 2014 — mono 2.10.x ASP.NET Web Form Hash collision DoS mono versión 2.10.x, ASP.NET Web Form realiza un Hash de una DoS de colisión. It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle could possibly use this issue to force the use of insecure cipher... • http://www.openwall.com/lists/oss-security/2012/08/28/14 • CWE-20: Improper Input Validation •