Mono-project Security Vulnerabilities


CVE-2023-26314

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR...

CVSS: 8.8

AI Score: 8.9

EPSS: 0.002

2023-02-22 07:15 AM
24

CVE-2012-3543

mono 2.10.x ASP.NET Web Form Hash collision...

CVSS: 7.5

AI Score: 7.3

EPSS: 0.006

2019-11-21 02:15 PM
29

CVE-2019-0757

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering...

CVSS: 6.5

AI Score: 6.1

EPSS: 0.001

2019-04-09 02:29 AM
99

CVE-2015-2318

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS"...

CVSS: 8.1

AI Score: 8.1

EPSS: 0.007

2018-01-08 07:29 PM
35

CVE-2015-2320

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2...

CVSS: 9.8

AI Score: 8.5

EPSS: 0.015

2018-01-08 07:29 PM
36

CVE-2015-2319

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than...

CVSS: 7.5

AI Score: 6.3

EPSS: 0.948

2018-01-08 07:29 PM
55

CVE-2010-1526

Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3)....

AI Score: 7.4

EPSS: 0.003

2010-08-24 10:00 PM
29

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3,...

AI Score: 7.1

EPSS: 0.973

2009-07-14 11:30 PM
94
2

CVE-2008-3906

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query...

AI Score: 6.6

EPSS: 0.01

2008-09-04 05:41 PM
35

CVE-2008-3422

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3)...

AI Score: 5.5

EPSS: 0.003

2008-07-31 09:41 PM
43