Search for packages
| purl | pkg:deb/debian/mono@3.2.8%2Bdfsg-10 |
| Next non-vulnerable version | 6.8.0.105+dfsg-3.3~deb11u1 |
| Latest non-vulnerable version | 6.8.0.105+dfsg-3.3~deb11u1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2jhf-j64s-gygy
Aliases: CVE-2009-0689 |
Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer.Update: The underlying flaw in the dtoa routines used by Mozilla appears to be essentially the same as that reported against the libc gdtoa routine by Maksymilian Arciemowicz. |
Affected by 2 other vulnerabilities. |
|
VCID-azkx-bdnb-ebbg
Aliases: CVE-2023-26314 |
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. |
Affected by 0 other vulnerabilities. |
|
VCID-xzc1-cy42-2ub4
Aliases: CVE-2018-1002208 GHSA-cqj4-m2pc-v9m5 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-fc3w-b9en-rbbm | security update |
CVE-2015-2318
|
| VCID-nssu-1x9p-mudc | security update |
CVE-2015-2319
|
| VCID-w6qh-dtdh-1bep | security update |
CVE-2015-2320
|