VulnerableCode Package Details - pkg:deb/debian/mono@4.6.2.7%2Bdfsg-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-kpej-mch5-jyfr Aliases: CVE-2023-26314	The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.	6.8.0.105+dfsg-3.3~deb11u1 Affected by 0 other vulnerabilities.
VCID-xehh-a5vv-kffu Aliases: CVE-2018-1002208 GHSA-cqj4-m2pc-v9m5	Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.	5.18.0.240+dfsg-3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-kpej-mch5-jyfr
Aliases:
CVE-2023-26314

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

6.8.0.105+dfsg-3.3~deb11u1
Affected by 0 other vulnerabilities.

VCID-xehh-a5vv-kffu
Aliases:
CVE-2018-1002208
GHSA-cqj4-m2pc-v9m5

Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

5.18.0.240+dfsg-3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-uwpq-kb7b-b7he	Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer.Update: The underlying flaw in the dtoa routines used by Mozilla appears to be essentially the same as that reported against the libc gdtoa routine by Maksymilian Arciemowicz.	CVE-2009-0689

Vulnerability

Summary

Aliases

VCID-uwpq-kb7b-b7he

Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer.Update: The underlying flaw in the dtoa routines used by Mozilla appears to be essentially the same as that reported against the libc gdtoa routine by Maksymilian Arciemowicz.

CVE-2009-0689

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:02:58.509925+00:00	Debian Oval Importer	Affected by	VCID-kpej-mch5-jyfr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:59:15.557921+00:00	Debian Oval Importer	Affected by	VCID-xehh-a5vv-kffu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:11:52.982658+00:00	Debian Oval Importer	Fixing	VCID-uwpq-kb7b-b7he	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0