Search for packages
| purl | pkg:deb/debian/mono@1.9.1%2Bdfsg-6 |
| Next non-vulnerable version | 6.8.0.105+dfsg-3.3~deb11u1 |
| Latest non-vulnerable version | 6.8.0.105+dfsg-3.3~deb11u1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9krh-c5rw-9kck
Aliases: CVE-2009-0217 GHSA-8hfm-837h-hjg5 |
Affected by 8 other vulnerabilities. |
|
|
VCID-9rzm-f418-ubhp
Aliases: CVE-2015-2319 |
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. |
Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-a68j-a2qt-tkf2
Aliases: CVE-2010-1459 GHSA-g5c6-w479-93xm |
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. |
Affected by 8 other vulnerabilities. |
|
VCID-c7bj-9rea-z3g7
Aliases: CVE-2010-4225 |
Affected by 8 other vulnerabilities. |
|
|
VCID-duh3-c86a-m3hw
Aliases: CVE-2015-2320 |
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. |
Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-g7sk-pvf3-ekfg
Aliases: CVE-2012-3382 |
Affected by 6 other vulnerabilities. |
|
|
VCID-kc3z-c9sh-pya4
Aliases: CVE-2015-2318 |
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. |
Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-kpej-mch5-jyfr
Aliases: CVE-2023-26314 |
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. |
Affected by 0 other vulnerabilities. |
|
VCID-tyvc-9q86-fkbh
Aliases: CVE-2012-3543 |
mono 2.10.x ASP.NET Web Form Hash collision DoS |
Affected by 6 other vulnerabilities. |
|
VCID-uwpq-kb7b-b7he
Aliases: CVE-2009-0689 |
Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer.Update: The underlying flaw in the dtoa routines used by Mozilla appears to be essentially the same as that reported against the libc gdtoa routine by Maksymilian Arciemowicz. |
Affected by 2 other vulnerabilities. |
|
VCID-xehh-a5vv-kffu
Aliases: CVE-2018-1002208 GHSA-cqj4-m2pc-v9m5 |
Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
Affected by 1 other vulnerability. |
|
VCID-z3ks-2818-xbf2
Aliases: CVE-2010-4159 |
Affected by 8 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5pq8-2hr7-pfe6 |
CVE-2007-5197
|
|
| VCID-8k2c-ackz-8bft |
CVE-2008-3422
|
|
| VCID-zh1z-wd3b-1qd1 |
CVE-2008-3906
|