CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26314
https://notcve.org/view.php?id=CVE-2023-26314
22 Feb 2023 — The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. • https://bugs.debian.org/972146 •
CVSS: 7.8EPSS: 4%CPEs: 26EXPL: 0CVE-2019-0757 – dotnet: NuGet Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2019-0757
13 Mar 2019 — A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Existe una vulnerabilidad de manipulación en NuGet Package Manager para Linux y Mac que podría permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, también conocida como 'NuGet Package Manager Tampering Vulnerability'. A flaw was found in dotnet.... • https://access.redhat.com/errata/RHSA-2019:1259 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 0CVE-2015-2318 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2318
23 Mar 2015 — The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. La pila TLS en Mono en versiones anteriores a la 3.12.1 permite que los atacantes Man-in-the-Middle (MitM) realicen ataques de salto de mensajes y que puedan suplantar clientes aprovechándose de la falta de validación del estado de los "handshakes". Esta vulnerabilidad también se conoce ... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2319 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2319
23 Mar 2015 — The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. La pila TLS en Mono en versiones anteriores a la 3.12.1 hace que sea más fácil para los atacantes remotos realizar ataques de degradación de cifrado para los cifrados EXPORT_RSA a través de tráfico TLS manipulado. Esta vulnerabilidad está relacionada con el problema "FREAK", una ... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0CVE-2015-2320 – Ubuntu Security Notice USN-2547-1
https://notcve.org/view.php?id=CVE-2015-2320
23 Mar 2015 — The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. La pila TLS en Mono en versiones anteriores a la 3.12.1 permite que los atacantes remotos provoquen un impacto sin especificar mediante vectores relacionados con el fallback SSLv2 del lado del cliente. It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersona... • http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 1CVE-2012-3543 – Gentoo Linux Security Advisory 201405-16
https://notcve.org/view.php?id=CVE-2012-3543
19 May 2014 — mono 2.10.x ASP.NET Web Form Hash collision DoS mono versión 2.10.x, ASP.NET Web Form realiza un Hash de una DoS de colisión. It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle could possibly use this issue to force the use of insecure cipher... • http://www.openwall.com/lists/oss-security/2012/08/28/14 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2010-1526 – Gentoo Linux Security Advisory 201401-01
https://notcve.org/view.php?id=CVE-2010-1526
24 Aug 2010 — Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. Multiples desbordamientos de enteros en libgdiplus v.2.6.7, como los usados en Mono, permite a... • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html • CWE-189: Numeric Errors •
CVSS: 5.3EPSS: 35%CPEs: 93EXPL: 0CVE-2009-0217 – xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
https://notcve.org/view.php?id=CVE-2009-0217
14 Jul 2009 — The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.... • http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161 •
CVSS: 6.1EPSS: 9%CPEs: 20EXPL: 2CVE-2008-3906 – Mono 2.0 - 'System.Web' HTTP Header Injection
https://notcve.org/view.php?id=CVE-2008-3906
04 Sep 2008 — CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. Vulnerabilidad de inyección CRLF en Sys.Web en Mono 2.0 y anteriores, permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de división de respuesta HTTP mediante secuencias CRLF en la cadena de consulta(query). • https://www.exploit-db.com/exploits/32303 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2008-3422
https://notcve.org/view.php?id=CVE-2008-3422
31 Jul 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). Múltiples vulnerabilidades de Secuencias de comandos en sitios cruzados (XSS) de las librerías de cla... • http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •