Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-826-1
HistoryAug 26, 2009 - 12:00 a.m.

Mono vulnerabilities

2009-08-2600:00:00
ubuntu.com
61

7.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.973 High

EPSS

Percentile

99.9%

JSON

Releases

  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04

Packages

  • mono -

Details

It was discovered that the XML HMAC signature system did not correctly
check certain lengths. If an attacker sent a truncated HMAC, it could
bypass authentication, leading to potential privilege escalation.
(CVE-2009-0217)

It was discovered that Mono did not properly escape certain attributes in
the ASP.net class libraries which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output. With
cross-site scripting vulnerabilities, if a user were tricked into viewing
server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. This issue only affected Ubuntu 8.04
LTS. (CVE-2008-3422)

It was discovered that Mono did not properly filter CRLF injections in the
query string. If a user were tricked into viewing server output during a
crafted server request, a remote attacker could exploit this to modify the
contents, steal confidential data (such as passwords), or perform
cross-site request forgeries. This issue only affected Ubuntu 8.04 LTS.
(CVE-2008-3906)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.04noarchlibmono-security2.0-cil< 2.0.1-4ubuntu0.1UNKNOWN
Ubuntu9.04noarchlibmono-dev< 2.0.1-4ubuntu0.1UNKNOWN
Ubuntu9.04noarchlibmono0< 2.0.1-4ubuntu0.1UNKNOWN
Ubuntu9.04noarchlibmono0-dbg< 2.0.1-4ubuntu0.1UNKNOWN
Ubuntu9.04noarchmono-1.0-runtime< 2.0.1-4ubuntu0.1UNKNOWN
Ubuntu9.04noarchmono-2.0-runtime< 2.0.1-4ubuntu0.1UNKNOWN
Ubuntu9.04noarchmono-common< 2.0.1-4ubuntu0.1UNKNOWN
Ubuntu9.04noarchmono-jay< 2.0.1-4ubuntu0.1UNKNOWN
Ubuntu9.04noarchmono-jit< 2.0.1-4ubuntu0.1UNKNOWN
Ubuntu9.04noarchmono-jit-dbg< 2.0.1-4ubuntu0.1UNKNOWN
Rows per page:
1-10 of 411

Related

nessus 67
openvas 67
debian 9
prion 4
securityvulns 8
cve 4
redhatcve 1
ubuntucve 4
debiancve 4
checkpoint_advisories 2
redhat 3
veracode 1
fedora 6
osv 2
mskb 1
cert 1
github 1
oraclelinux 2
freebsd 2
centos 2
ibm 2
ubuntu 1
suse 3
threatpost 1
gentoo 1
nessus
nessus
Ubuntu 8.04 LTS / 8.10 / 9.04 : mono vulnerabilities (USN-826-1)
2009-08-27 00:00:00
Mandriva Linux Security Advisory : mono (MDVSA-2009:322)
2009-12-08 00:00:00
Mandriva Linux Security Advisory : mono (MDVSA-2009:268)
2009-10-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-826-1)
2009-09-02 00:00:00
Ubuntu USN-826-1 (mono)
2009-09-02 00:00:00
Mandriva Security Advisory MDVSA-2009:322 (mono)
2009-12-10 00:00:00
debian
debian
[Backports-security-announce] Security Update for mono
2008-10-22 08:35:54
[Backports-security-announce] Security Update for mono
2008-10-22 08:50:59
[Backports-security-announce] Security Update for xml-security-c
2009-08-06 08:37:46
prion
prion
Crlf injection
2008-09-04 17:41:00
Cross site scripting
2008-07-31 21:41:00
Authentication flaw
2009-07-14 23:30:00
securityvulns
securityvulns
rPSA-2008-0286-1 mono
2008-10-02 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2008-10-02 00:00:00
Microsoft Security Bulletin MS10-041 - Important Vulnerability in Microsoft .NET Framework Could Allow Tampering &#40;981343&#41;
2010-06-09 00:00:00
cve
cve
CVE-2008-3906
2008-09-04 17:41:00
CVE-2008-3422
2008-07-31 21:41:00
CVE-2009-0217
2009-07-14 23:30:00
redhatcve
redhatcve
CVE-2008-3906
2019-10-04 20:27:58
ubuntucve
ubuntucve
CVE-2008-3906
2008-09-04 00:00:00
CVE-2008-3422
2008-07-31 00:00:00
CVE-2009-0217
2009-07-14 00:00:00
debiancve
debiancve
CVE-2008-3906
2008-09-04 17:41:00
CVE-2008-3422
2008-07-31 21:41:00
CVE-2009-0217
2009-07-14 23:30:00
checkpoint_advisories
checkpoint_advisories
Microsoft XML Signature HMAC Truncation Bypass (MS10-041; CVE-2009-0217)
2010-06-08 00:00:00
Microsoft XML Signature HMAC Truncation Bypass (MS10-041) - Ver2 (CVE-2009-0217)
2015-03-26 00:00:00
redhat
redhat
(RHSA-2009:1428) Moderate: xmlsec1 security update
2009-09-08 00:00:00
(RHSA-2009:1649) Moderate: JBoss Enterprise Application Platform 4.3.0.CP07 update
2009-12-09 00:00:00
(RHSA-2009:1201) Important: java-1.6.0-openjdk security and bug fix update
2009-08-06 00:00:00
veracode
veracode
Authentication Bypass
2020-04-10 00:35:27
fedora
fedora
[SECURITY] Fedora 10 Update: xml-security-c-1.5.1-1.fc10
2009-07-31 17:59:26
[SECURITY] Fedora 11 Update: xmlsec1-1.2.12-1.fc11
2009-08-11 22:33:07
[SECURITY] Fedora 11 Update: xml-security-c-1.5.1-1.fc11
2009-07-31 18:04:52
osv
osv
Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation
2022-05-02 03:13:38
openoffice.org - several
2010-02-12 00:00:00
mskb
mskb
MS10-041: Vulnerabilities in the Microsoft .NET Framework that could allow tampering
2012-05-08 22:34:55
cert
cert
XML signature HMAC truncation authentication bypass
2009-07-14 00:00:00
github
github
Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation
2022-05-02 03:13:38
oraclelinux
oraclelinux
xmlsec1 security update
2009-09-09 00:00:00
java-1.6.0-openjdk security and bug fix update
2009-08-06 00:00:00
freebsd
freebsd
mono -- XML signature HMAC truncation spoofing
2009-07-15 00:00:00
openoffice.org -- multiple vulnerabilities
2006-08-24 00:00:00
centos
centos
xmlsec1 security update
2009-09-09 00:48:06
java security update
2009-08-09 04:11:10
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Apache Santuario XML Security for Java affect IBM InfoSphere Information Server
2022-10-14 22:24:44
Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)
2022-10-06 04:39:35
ubuntu
ubuntu
OpenOffice.org vulnerabilities
2010-02-24 00:00:00
suse
suse
remote code execution in OpenOffice_org
2010-03-16 16:11:32
remote code execution in java-1_6_0-ibm
2009-11-04 15:26:34
remote code execution in java-1_6_0-ibm
2010-01-12 17:47:21
threatpost
threatpost
OpenOffice Zaps Six Security Bugs
2010-02-18 15:09:26
gentoo
gentoo
Mono: Multiple vulnerabilities
2012-06-21 00:00:00

7.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.973 High

EPSS

Percentile

99.9%

JSON
Related for USN-826-1
nessus67openvas67debian9prion4securityvulns8cve4redhatcve1ubuntucve4debiancve4checkpoint_advisories2redhat3veracode1fedora6osv2mskb1cert1github1oraclelinux2freebsd2centos2ibm2ubuntu1suse3threatpost1gentoo1