Search for packages
| purl | pkg:deb/debian/mono@0?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1qhk-r5sq-zqhm | Path traversal in SharpZipLib SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the `_baseDirectory` is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. fixed this vulnerability. |
CVE-2021-32842
GHSA-mm6g-mmq6-53ff |
| VCID-45yu-4es7-wqg6 | StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP. |
CVE-2007-5473
|
| VCID-91z4-znxj-2fds | Multiple vulnerabilities were found in Mono, the worst of which allowing for the remote execution of arbitrary code. |
CVE-2011-0990
|
| VCID-a483-t5eh-pkf5 | Multiple vulnerabilities were found in Mono, the worst of which allowing for the remote execution of arbitrary code. |
CVE-2011-0992
|
| VCID-eadx-224r-vyhs | Path traversal in SharpZipLib SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins with the destination directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. contains a patch for this vulnerability. |
CVE-2021-32841
GHSA-2x7h-96h5-rq84 |
| VCID-fxh1-kq9x-6bbz | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. A TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. |
CVE-2021-32840
GHSA-m22m-h4rf-pwq3 |
| VCID-gt2k-srht-4qfe | Multiple vulnerabilities were found in Mono, the worst of which allowing for the remote execution of arbitrary code. |
CVE-2011-0989
|
| VCID-kbuv-pvcj-bucr | Multiple vulnerabilities were found in Mono, the worst of which allowing for the remote execution of arbitrary code. |
CVE-2011-0991
|