VulnerableCode Package Details - pkg:deb/debian/mono@2.6.7-5.1%2Bdeb6u2

Search for packages

Package details: pkg:deb/debian/mono@2.6.7-5.1%2Bdeb6u2

Essentials
History (11)

purl	pkg:deb/debian/mono@2.6.7-5.1%2Bdeb6u2

Next non-vulnerable version	6.8.0.105+dfsg-3.3~deb11u1
Latest non-vulnerable version	6.8.0.105+dfsg-3.3~deb11u1
Risk	10.0

Vulnerabilities affecting this package (8)

Vulnerability	Summary	Fixed by
VCID-9rzm-f418-ubhp Aliases: CVE-2015-2319	The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.	2.10.8.1-8+deb7u1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.2.8+dfsg-10 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-duh3-c86a-m3hw Aliases: CVE-2015-2320	The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.	2.10.8.1-8+deb7u1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.2.8+dfsg-10 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-g7sk-pvf3-ekfg Aliases: CVE-2012-3382		2.10.8.1-8+deb7u1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kc3z-c9sh-pya4 Aliases: CVE-2015-2318	The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.	2.10.8.1-8+deb7u1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.2.8+dfsg-10 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kpej-mch5-jyfr Aliases: CVE-2023-26314	The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.	6.8.0.105+dfsg-3.3~deb11u1 Affected by 0 other vulnerabilities.
VCID-tyvc-9q86-fkbh Aliases: CVE-2012-3543	mono 2.10.x ASP.NET Web Form Hash collision DoS	2.10.8.1-8+deb7u1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-uwpq-kb7b-b7he Aliases: CVE-2009-0689	Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer.Update: The underlying flaw in the dtoa routines used by Mozilla appears to be essentially the same as that reported against the libc gdtoa routine by Maksymilian Arciemowicz.	4.6.2.7+dfsg-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xehh-a5vv-kffu Aliases: CVE-2018-1002208 GHSA-cqj4-m2pc-v9m5	Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.	5.18.0.240+dfsg-3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:09:27.722060+00:00	Debian Oval Importer	Affected by	VCID-g7sk-pvf3-ekfg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:02:58.495827+00:00	Debian Oval Importer	Affected by	VCID-kpej-mch5-jyfr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:03:56.841178+00:00	Debian Oval Importer	Affected by	VCID-duh3-c86a-m3hw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:53:16.116697+00:00	Debian Oval Importer	Affected by	VCID-kc3z-c9sh-pya4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:27:53.724822+00:00	Debian Oval Importer	Affected by	VCID-tyvc-9q86-fkbh	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:11:18.948335+00:00	Debian Oval Importer	Affected by	VCID-9rzm-f418-ubhp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:59:15.552282+00:00	Debian Oval Importer	Affected by	VCID-xehh-a5vv-kffu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:11:52.966404+00:00	Debian Oval Importer	Affected by	VCID-uwpq-kb7b-b7he	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T09:43:41.797203+00:00	Debian Oval Importer	Affected by	VCID-kc3z-c9sh-pya4	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:40:03.794742+00:00	Debian Oval Importer	Affected by	VCID-9rzm-f418-ubhp	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:34:31.083152+00:00	Debian Oval Importer	Affected by	VCID-duh3-c86a-m3hw	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0