CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2318 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2318
23 Mar 2015 — The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. La pila TLS en Mono en versiones anteriores a la 3.12.1 permite que los atacantes Man-in-the-Middle (MitM) realicen ataques de salto de mensajes y que puedan suplantar clientes aprovechándose de la falta de validación del estado de los "handshakes". Esta vulnerabilidad también se conoce ... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2319 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2319
23 Mar 2015 — The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. La pila TLS en Mono en versiones anteriores a la 3.12.1 hace que sea más fácil para los atacantes remotos realizar ataques de degradación de cifrado para los cifrados EXPORT_RSA a través de tráfico TLS manipulado. Esta vulnerabilidad está relacionada con el problema "FREAK", una ... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-2320 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2320
23 Mar 2015 — The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. La pila TLS en Mono en versiones anteriores a la 3.12.1 permite que los atacantes remotos provoquen un impacto sin especificar mediante vectores relacionados con el fallback SSLv2 del lado del cliente. It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersona... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2012-3382
https://notcve.org/view.php?id=CVE-2012-3382
12 Jul 2012 — Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función ProcessRequest en mcs/class/System.Web/System.web/HttpForbiddenHandler.cs en Mono v2.10.8 y anterio... • http://www.mandriva.com/security/advisories?name=MDVSA-2012:140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 66EXPL: 0CVE-2010-4159
https://notcve.org/view.php?id=CVE-2010-4159
17 Nov 2010 — Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en metadata/loader.c en Mono v2.8, permite a usuarios locales obtener privilegios a través de un troyano de la biblioteca compartida en el directorio de trabajo actual. • http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2010-1459
https://notcve.org/view.php?id=CVE-2010-1459
27 May 2010 — The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. La configuración por defecto de ASP.NET de Mono anterior a v2.6.4 tiene valor FALSE en la propiedad EnableViewStateMac, esto permite a atacantes remotos provocar un ataque de secuencias de comandos en sitios cruzados (XSS), ... • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 97%CPEs: 93EXPL: 0CVE-2009-0217 – xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
https://notcve.org/view.php?id=CVE-2009-0217
14 Jul 2009 — The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.... • http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161 •
CVSS: 6.1EPSS: 2%CPEs: 20EXPL: 2CVE-2008-3906 – Mono 2.0 - 'System.Web' HTTP Header Injection
https://notcve.org/view.php?id=CVE-2008-3906
04 Sep 2008 — CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. Vulnerabilidad de inyección CRLF en Sys.Web en Mono 2.0 y anteriores, permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de división de respuesta HTTP mediante secuencias CRLF en la cadena de consulta(query). • https://www.exploit-db.com/exploits/32303 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2008-3422
https://notcve.org/view.php?id=CVE-2008-3422
31 Jul 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). Múltiples vulnerabilidades de Secuencias de comandos en sitios cruzados (XSS) de las librerías de cla... • http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-5072
https://notcve.org/view.php?id=CVE-2006-5072
05 Oct 2006 — The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack. Las clases System.CodeDom.Compiler en Novell Mono crean archivos temporales con permisos no seguros, lo cual permite a usuarios locales sobreescribir ficheros de su elección a ejecutar código de su elección a través de un ataque symlink. • http://fedoranews.org/cms/node/2401 •