| purl | pkg:deb/debian/mono@1.2.2.1-1 |
| Next non-vulnerable version | 6.8.0.105+dfsg-3.3~deb11u1 |
| Latest non-vulnerable version | 6.8.0.105+dfsg-3.3~deb11u1 |
| Risk | 10.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-2jhf-j64s-gygy Aliases: CVE-2009-0689 | Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer. Update: The underlying flaw in the dtoa routines used by Mozilla appears to be essentially the same as that reported against the libc gdtoa routine by Maksymilian Arciemowicz. | Affected by 2 other vulnerabilities. |
| VCID-4g67-mxz3-27ak Aliases: CVE-2010-1459 GHSA-g5c6-w479-93xm | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. | Affected by 8 other vulnerabilities. |
| VCID-75b6-ycq1-93ay Aliases: CVE-2012-3543 | A hash collision vulnerability in Mono allows remote attackers to cause a Denial of Service condition. | Affected by 6 other vulnerabilities. |
| VCID-azkx-bdnb-ebbg Aliases: CVE-2023-26314 | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. | Affected by 0 other vulnerabilities. |
| VCID-c1c3-ck5x-mkay Aliases: CVE-2010-4225 | Multiple vulnerabilities were found in Mono, the worst of which allows for the remote execution of arbitrary code. | Affected by 8 other vulnerabilities. |
| VCID-f6cm-frak-aydf Aliases: CVE-2008-3422 | mono: XSS vulnerabilities in the ASP.net class libraries | Affected by 12 other vulnerabilities. |
| VCID-fc3w-b9en-rbbm Aliases: CVE-2015-2318 | security update | Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-nssu-1x9p-mudc Aliases: CVE-2015-2319 | security update | Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-nz8p-usaz-8kgt Aliases: CVE-2012-3382 | Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. | Affected by 6 other vulnerabilities. |
| VCID-s4yu-1s7d-bufz Aliases: CVE-2010-4159 | Multiple vulnerabilities were found in Mono, the worst of which allows for the remote execution of arbitrary code. | Affected by 8 other vulnerabilities. |
| VCID-sgsg-b4yc-juh6 Aliases: CVE-2008-3906 | mono: Sys.Web HTTP header injection attack | Affected by 12 other vulnerabilities. |
| VCID-w6qh-dtdh-1bep Aliases: CVE-2015-2320 | security update | Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-xzc1-cy42-2ub4 Aliases: CVE-2018-1002208 GHSA-cqj4-m2pc-v9m5 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'): SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | Affected by 1 other vulnerability. |
| VCID-yqu4-jn6n-eug3 Aliases: CVE-2007-5197 | Mono's BigInteger implementation contains a buffer overflow vulnerability that might lead to the execution of arbitrary code. | Affected by 12 other vulnerabilities. |
| VCID-z7ht-bq8z-3qgd Aliases: CVE-2009-0217 GHSA-8hfm-837h-hjg5 | XML signature HMAC truncation authentication bypass: This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. | Affected by 8 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||