VulnerableCode Package Details - pkg:deb/ubuntu/mono@3.2.8%2Bdfsg-4ubuntu1.1

Search for packages

Package details: pkg:deb/ubuntu/mono@3.2.8%2Bdfsg-4ubuntu1.1

Essentials
History (0)

purl	pkg:deb/ubuntu/mono@3.2.8%2Bdfsg-4ubuntu1.1

Next non-vulnerable version	6.8.0.105+dfsg-2
Latest non-vulnerable version	6.8.0.105+dfsg-2
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-w1m8-n281-aaam Aliases: CVE-2018-1002208 GHSA-cqj4-m2pc-v9m5	SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.	6.8.0.105+dfsg-2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-4gvf-mcv9-aaab	The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.	CVE-2015-2320
VCID-6qds-tekv-aaaj	The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.	CVE-2015-2319
VCID-qs89-w1wn-aaar	The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.	CVE-2015-2318

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version