A security issue has been reported in Mono, which can be
exploited by malicious people to conduct spoofing attacks.
The security issue is caused due to an error when processing
certain XML signatures.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmono< 2.4.2.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	mono	< 2.4.2.2	UNKNOWN

References

secunia.com/advisories/35852/

www.kb.cert.org/vuls/id/466161

openvas 67

nessus 71

fedora 6

securityvulns 8

debian 7

mskb 1

osv 2

cert 1

checkpoint_advisories 2

github 1

cve 2

prion 2

redhat 6

ubuntucve 2

veracode 1

centos 2

debiancve 2

oraclelinux 2

ubuntu 3

ibm 3

suse 3

threatpost 1

freebsd 1

gentoo 2

oracle 1

openvas

RedHat Security Advisory RHSA-2009:1428

2009-09-09 00:00:00

Fedora Core 11 FEDORA-2009-8157 (xml-security-c)

2009-08-17 00:00:00

Debian Security Advisory DSA 1849-1 (xml-security-c)

2009-08-17 00:00:00

nessus

Fedora 11 : xmlsec1-1.2.12-1.fc11 (2009-8473)

2009-08-12 00:00:00

MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)

2010-06-09 00:00:00

Mandriva Linux Security Advisory : xmlsec1 (MDVSA-2009:267)

2009-10-12 00:00:00

fedora

[SECURITY] Fedora 10 Update: xml-security-c-1.5.1-1.fc10

2009-07-31 17:59:26

[SECURITY] Fedora 11 Update: xmlsec1-1.2.12-1.fc11

2009-08-11 22:33:07

[SECURITY] Fedora 11 Update: xml-security-c-1.5.1-1.fc11

2009-07-31 18:04:52

securityvulns

Microsoft .Net XML signing protection bypass

2010-06-09 00:00:00

Microsoft Security Bulletin MS10-041 - Important Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)

2010-06-09 00:00:00

CVE-2013-2155: Apache Santuario C++ denial of service vulnerability

2013-07-01 00:00:00

debian

[SECURITY] [DSA 1849-1] New xml-security-c packages fix signature forgery

2009-08-02 13:48:02

[Backports-security-announce] Security Update for xml-security-c

2009-08-06 08:37:46

[Backports-security-announce] Security Update for xml-security-c

2009-08-06 08:38:10

mskb

MS10-041: Vulnerabilities in the Microsoft .NET Framework that could allow tampering

2012-05-08 22:34:55

osv

Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation

2022-05-02 03:13:38

openoffice.org - several

2010-02-12 00:00:00

cert

XML signature HMAC truncation authentication bypass

2009-07-14 00:00:00

checkpoint_advisories

Microsoft XML Signature HMAC Truncation Bypass (MS10-041) - Ver2 (CVE-2009-0217)

2015-03-26 00:00:00

Microsoft XML Signature HMAC Truncation Bypass (MS10-041; CVE-2009-0217)

2010-06-08 00:00:00

github

Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation

2022-05-02 03:13:38

cve

CVE-2009-0217

2009-07-14 23:30:00

CVE-2013-2155

2013-08-20 22:55:00

prion

Authentication flaw

2009-07-14 23:30:00

Design/Logic Flaw

2013-08-20 22:55:00

redhat

(RHSA-2009:1428) Moderate: xmlsec1 security update

2009-09-08 00:00:00

(RHSA-2009:1649) Moderate: JBoss Enterprise Application Platform 4.3.0.CP07 update

2009-12-09 00:00:00

(RHSA-2009:1201) Important: java-1.6.0-openjdk security and bug fix update

2009-08-06 00:00:00

ubuntucve

CVE-2009-0217

2009-07-14 00:00:00

CVE-2013-2155

2013-08-20 00:00:00

veracode

Authentication Bypass

2020-04-10 00:35:27

centos

xmlsec1 security update

2009-09-09 00:48:06

java security update

2009-08-09 04:11:10

debiancve

CVE-2009-0217

2009-07-14 23:30:00

CVE-2013-2155

2013-08-20 22:55:00

oraclelinux

xmlsec1 security update

2009-09-09 00:00:00

java-1.6.0-openjdk security and bug fix update

2009-08-06 00:00:00

ubuntu

Mono vulnerabilities

2009-08-26 00:00:00

OpenOffice.org vulnerabilities

2010-02-24 00:00:00

OpenJDK vulnerabilities

2009-08-11 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in Apache Santuario XML Security for Java affect IBM InfoSphere Information Server

2022-10-14 22:24:44

Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)

2022-10-06 04:39:35

Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ

2020-02-20 12:42:12

suse

remote code execution in OpenOffice_org

2010-03-16 16:11:32

remote code execution in java-1_6_0-ibm

2009-11-04 15:26:34

remote code execution in java-1_6_0-ibm

2010-01-12 17:47:21

threatpost

OpenOffice Zaps Six Security Bugs

2010-02-18 15:09:26

freebsd

openoffice.org -- multiple vulnerabilities

2006-08-24 00:00:00

gentoo

Mono: Multiple vulnerabilities

2012-06-21 00:00:00

OpenOffice, LibreOffice: Multiple vulnerabilities

2014-08-31 00:00:00

oracle

09-07 CPU Advisory

2009-07-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.973 High

EPSS

Percentile

99.9%

JSON

Related for 708C65A5-7C58-11DE-A994-0030843D3802