VulnerableCode Package Details - pkg:deb/ubuntu/mono@2.10.4-3

Search for packages

Package details: pkg:deb/ubuntu/mono@2.10.4-3

Essentials
History (0)

purl	pkg:deb/ubuntu/mono@2.10.4-3

Next non-vulnerable version	6.8.0.105+dfsg-2
Latest non-vulnerable version	6.8.0.105+dfsg-2
Risk	4.4

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-4gvf-mcv9-aaab Aliases: CVE-2015-2320	The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.	3.2.8+dfsg-4ubuntu1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-6qds-tekv-aaaj Aliases: CVE-2015-2319	The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.	3.2.8+dfsg-4ubuntu1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gjvv-9maf-aaac Aliases: CVE-2011-0992	Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.	3.2.8+dfsg-4ubuntu1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qs89-w1wn-aaar Aliases: CVE-2015-2318	The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.	3.2.8+dfsg-4ubuntu1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-rs6r-ugky-aaap Aliases: CVE-2012-3543	mono 2.10.x ASP.NET Web Form Hash collision DoS	3.2.8+dfsg-4ubuntu1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-w1m8-n281-aaam Aliases: CVE-2018-1002208 GHSA-cqj4-m2pc-v9m5	SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.	6.8.0.105+dfsg-2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version