VulnerableCode Package Details - pkg:deb/debian/mono@4.6.2.7%2Bdfsg-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-9hk3-5wyf-aaae Aliases: CVE-2023-26314	The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.	6.8.0.105+dfsg-3.3~deb11u1 Affected by 0 other vulnerabilities.
VCID-w1m8-n281-aaam Aliases: CVE-2018-1002208 GHSA-cqj4-m2pc-v9m5	SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.	5.18.0.240+dfsg-3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-9hk3-5wyf-aaae
Aliases:
CVE-2023-26314

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

6.8.0.105+dfsg-3.3~deb11u1
Affected by 0 other vulnerabilities.

VCID-w1m8-n281-aaam
Aliases:
CVE-2018-1002208
GHSA-cqj4-m2pc-v9m5

SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

5.18.0.240+dfsg-3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-hq4z-qnux-aaag	Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.	CVE-2009-0689

Vulnerability

Summary

Aliases

VCID-hq4z-qnux-aaag

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

CVE-2009-0689

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T18:59:13.945705+00:00	Debian Oval Importer	Affected by	VCID-w1m8-n281-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T18:23:24.841791+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T17:17:03.155770+00:00	Debian Oval Importer	Affected by	VCID-w1m8-n281-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:18:51.554684+00:00	Debian Oval Importer	Affected by	VCID-9hk3-5wyf-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T12:44:51.613290+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T07:40:25.713129+00:00	Debian Oval Importer	Affected by	VCID-9hk3-5wyf-aaae	None	36.1.3
2025-06-20T23:10:13.446690+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	None	36.1.3
2025-06-20T23:05:25.258710+00:00	Debian Oval Importer	Affected by	VCID-w1m8-n281-aaam	None	36.1.3
2025-06-20T22:06:50.935526+00:00	Debian Importer	Affected by	VCID-w1m8-n281-aaam	None	36.1.3
2025-06-08T11:28:34.864435+00:00	Debian Oval Importer	Affected by	VCID-w1m8-n281-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T10:54:08.447411+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T09:58:17.061802+00:00	Debian Oval Importer	Affected by	VCID-w1m8-n281-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:13:24.245298+00:00	Debian Oval Importer	Affected by	VCID-9hk3-5wyf-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:40:11.959322+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T01:20:21.115886+00:00	Debian Oval Importer	Affected by	VCID-9hk3-5wyf-aaae	None	36.1.0
2025-06-07T16:33:22.128178+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	None	36.1.0
2025-06-07T16:28:36.900836+00:00	Debian Oval Importer	Affected by	VCID-w1m8-n281-aaam	None	36.1.0
2025-04-12T21:45:24.912041+00:00	Debian Oval Importer	Affected by	VCID-9hk3-5wyf-aaae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:12:48.577071+00:00	Debian Oval Importer	Affected by	VCID-w1m8-n281-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T16:36:38.796529+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T08:30:30.814240+00:00	Debian Oval Importer	Affected by	VCID-w1m8-n281-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:45:36.324646+00:00	Debian Oval Importer	Affected by	VCID-9hk3-5wyf-aaae	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:11:52.060833+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T23:53:05.047542+00:00	Debian Oval Importer	Affected by	VCID-9hk3-5wyf-aaae	None	36.0.0
2025-04-07T15:05:27.510694+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	None	36.0.0
2025-04-07T15:00:30.559144+00:00	Debian Oval Importer	Affected by	VCID-w1m8-n281-aaam	None	36.0.0
2025-04-04T00:45:10.962649+00:00	Debian Importer	Affected by	VCID-w1m8-n281-aaam	None	36.0.0
2025-02-19T00:23:31.056604+00:00	Debian Importer	Affected by	VCID-w1m8-n281-aaam	None	35.1.0
2024-11-27T01:20:54.519027+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	35.0.0
2024-11-21T22:01:33.155166+00:00	Debian Importer	Affected by	VCID-w1m8-n281-aaam	None	35.0.0
2024-11-19T21:07:49.431574+00:00	Debian Importer	Affected by	VCID-w1m8-n281-aaam	None	34.3.2
2024-10-12T23:28:17.275918+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.2
2024-10-08T22:16:46.997707+00:00	Debian Importer	Affected by	VCID-w1m8-n281-aaam	None	34.0.2
2024-09-20T18:27:21.011221+00:00	Debian Oval Importer	Fixing	VCID-hq4z-qnux-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.1
2024-09-18T10:35:12.200438+00:00	Debian Importer	Affected by	VCID-w1m8-n281-aaam	None	34.0.1
2024-04-24T12:03:01.034270+00:00	Debian Importer	Affected by	VCID-w1m8-n281-aaam	None	34.0.0rc4
2024-01-10T13:55:44.746282+00:00	Debian Importer	Affected by	VCID-w1m8-n281-aaam	None	34.0.0rc2
2024-01-04T05:05:56.379299+00:00	Debian Importer	Affected by	VCID-w1m8-n281-aaam	None	34.0.0rc1

2025-06-21T18:59:13.945705+00:00

Debian Oval Importer

Affected by

Next non-vulnerable version	6.8.0.105+dfsg-3.3~deb11u1
Latest non-vulnerable version	6.8.0.105+dfsg-3.3~deb11u1
Risk	4.0