22 results (0.015 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. • https://bugs.debian.org/972146 https://lists.debian.org/debian-lts-announce/2023/02/msg00037.html https://www.openwall.com/lists/oss-security/2023/01/05/1 •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Existe una vulnerabilidad de manipulación en NuGet Package Manager para Linux y Mac que podría permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, también conocida como 'NuGet Package Manager Tampering Vulnerability'. A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. • https://access.redhat.com/errata/RHSA-2019:1259 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757 https://access.redhat.com/security/cve/CVE-2019-0757 https://bugzilla.redhat.com/show_bug.cgi?id=1685475 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. La pila TLS en Mono en versiones anteriores a la 3.12.1 hace que sea más fácil para los atacantes remotos realizar ataques de degradación de cifrado para los cifrados EXPORT_RSA a través de tráfico TLS manipulado. Esta vulnerabilidad está relacionada con el problema "FREAK", una vulnerabilidad diferente de CVE-2015-0204. • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability http://www.openwall.com/lists/oss-security/2015/03/17/9 http://www.securityfocus.com/bid/73250 http://www.ubuntu.com/usn/USN-2547-1 https://bugzilla.redhat.com/show_bug.cgi?id=1202869 https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10 https://mitls.org/pages/attacks/SMACK#freak https://www.debian.org/security/2015/dsa-3202 • CWE-295: Improper Certificate Validation •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. La pila TLS en Mono en versiones anteriores a la 3.12.1 permite que los atacantes Man-in-the-Middle (MitM) realicen ataques de salto de mensajes y que puedan suplantar clientes aprovechándose de la falta de validación del estado de los "handshakes". Esta vulnerabilidad también se conoce como "SMACK SKIP-TLS". • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability http://www.openwall.com/lists/oss-security/2015/03/17/9 http://www.securityfocus.com/bid/73253 http://www.ubuntu.com/usn/USN-2547-1 https://bugzilla.redhat.com/show_bug.cgi?id=1202869 https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4 https://mitls.org/pages/attacks/SMACK#skip https://www.debian.org/security/2015/dsa-3202 • CWE-295: Improper Certificate Validation •

CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. La pila TLS en Mono en versiones anteriores a la 3.12.1 permite que los atacantes remotos provoquen un impacto sin especificar mediante vectores relacionados con el fallback SSLv2 del lado del cliente. • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability http://www.openwall.com/lists/oss-security/2015/03/17/9 http://www.securityfocus.com/bid/73256 http://www.ubuntu.com/usn/USN-2547-1 https://bugzilla.redhat.com/show_bug.cgi?id=1202869 https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b https://www.debian.org/security/2015/dsa-3202 • CWE-295: Improper Certificate Validation •