Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities by mono-project
CVE-2023-26314 (GCVE-0-2023-26314)
Vulnerability from cvelistv5 – Published: 2023-02-22 00:00 – Updated: 2026-05-20 01:41
VLAI
Summary
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-20T01:41:27.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/01/05/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.debian.org/972146"
},
{
"name": "[debian-lts-announce] 20230225 [SECURITY] [DLA 3343-1] mono security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00037.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/19/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/19/41"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T16:24:03.381624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T16:24:08.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-25T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2023/01/05/1"
},
{
"url": "https://bugs.debian.org/972146"
},
{
"name": "[debian-lts-announce] 20230225 [SECURITY] [DLA 3343-1] mono security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26314",
"datePublished": "2023-02-22T00:00:00.000Z",
"dateReserved": "2023-02-22T00:00:00.000Z",
"dateUpdated": "2026-05-20T01:41:27.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2012-3543 (GCVE-0-2012-3543)
Vulnerability from cvelistv5 – Published: 2019-11-21 14:00 – Updated: 2024-08-06 20:13
VLAI
Summary
mono 2.10.x ASP.NET Web Form Hash collision DoS
Severity
No CVSS data available.
CWE
- Hash collision issue
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543 | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2012-3543 | x_refsource_MISC |
| https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/0… | x_refsource_MISC |
| http://www.securityfocus.com/bid/55251 | x_refsource_MISC |
| http://www.ubuntu.com/usn/USN-2547-1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mono",
"vendor": "mono",
"versions": [
{
"status": "affected",
"version": "2.10.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mono 2.10.x ASP.NET Web Form Hash collision DoS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hash collision issue",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T14:00:56.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/55251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3543",
"datePublished": "2019-11-21T14:00:56.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:13:50.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0757 (GCVE-0-2019-0757)
Vulnerability from cvelistv5 – Published: 2019-04-09 01:51 – Updated: 2024-08-04 17:58
VLAI
Summary
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
Severity
No CVSS data available.
CWE
- Tampering
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:1259 | vendor-advisoryx_refsource_REDHAT |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Visual Studio |
Affected:
2017 for Mac
|
|
| Microsoft | .NET Core SDK |
Affected:
1.1 on .NET Core 1.0
Affected: 2.1.500 on .NET Core 2.1 Affected: 2.2.100 on .NET Core 2.2 Affected: 1.1 on .NET Core 1.1 |
|
| Microsoft | Nuget |
Affected:
4.3.1
Affected: 4.4.2 Affected: 4.5.2 Affected: 4.6.3 Affected: 4.7.2 Affected: 4.8.2 Affected: 4.9.4 |
|
| Microsoft | Mono Framework |
Affected:
5.18.0.223
Affected: 5.20.0 |
Date Public
2019-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 for Mac"
}
]
},
{
"product": ".NET Core SDK",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.1 on .NET Core 1.0"
},
{
"status": "affected",
"version": "2.1.500 on .NET Core 2.1"
},
{
"status": "affected",
"version": "2.2.100 on .NET Core 2.2"
},
{
"status": "affected",
"version": "1.1 on .NET Core 1.1"
}
]
},
{
"product": "Nuget",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.2"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.7.2"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.4"
}
]
},
{
"product": "Mono Framework",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "5.18.0.223"
},
{
"status": "affected",
"version": "5.20.0"
}
]
}
],
"datePublic": "2019-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Tampering",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T12:06:04.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Visual Studio",
"version": {
"version_data": [
{
"version_value": "2017 for Mac"
}
]
}
},
{
"product_name": ".NET Core SDK",
"version": {
"version_data": [
{
"version_value": "1.1 on .NET Core 1.0"
},
{
"version_value": "2.1.500 on .NET Core 2.1"
},
{
"version_value": "2.2.100 on .NET Core 2.2"
},
{
"version_value": "1.1 on .NET Core 1.1"
}
]
}
},
{
"product_name": "Nuget",
"version": {
"version_data": [
{
"version_value": "4.3.1"
},
{
"version_value": "4.4.2"
},
{
"version_value": "4.5.2"
},
{
"version_value": "4.6.3"
},
{
"version_value": "4.7.2"
},
{
"version_value": "4.8.2"
},
{
"version_value": "4.9.4"
}
]
}
},
{
"product_name": "Mono Framework",
"version": {
"version_data": [
{
"version_value": "5.18.0.223"
},
{
"version_value": "5.20.0"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Tampering"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0757",
"datePublished": "2019-04-09T01:51:25.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:58:59.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2320 (GCVE-0-2015-2320)
Vulnerability from cvelistv5 – Published: 2018-01-08 19:00 – Updated: 2024-08-06 05:10
VLAI
Summary
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2547-1 | vendor-advisoryx_refsource_UBUNTU |
| https://bugzilla.redhat.com/show_bug.cgi?id=1202869 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/73256 | vdb-entryx_refsource_BID |
| https://github.com/mono/mono/commit/b371da6b2d68b… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/03/17/9 | mailing-listx_refsource_MLIST |
| http://www.mono-project.com/news/2015/03/07/mono-… | x_refsource_CONFIRM |
| https://www.debian.org/security/2015/dsa-3202 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2015-03-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"name": "73256",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73256"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b"
},
{
"name": "[oss-security] 20150317 Re: Mono TLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/"
},
{
"name": "DSA-3202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2015/dsa-3202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"name": "73256",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73256"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b"
},
{
"name": "[oss-security] 20150317 Re: Mono TLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/"
},
{
"name": "DSA-3202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2015/dsa-3202"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2547-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2547-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"name": "73256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73256"
},
{
"name": "https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b"
},
{
"name": "[oss-security] 20150317 Re: Mono TLS vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"name": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/"
},
{
"name": "DSA-3202",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2015/dsa-3202"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2320",
"datePublished": "2018-01-08T19:00:00.000Z",
"dateReserved": "2015-03-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:10:16.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2319 (GCVE-0-2015-2319)
Vulnerability from cvelistv5 – Published: 2018-01-08 19:00 – Updated: 2024-08-06 05:10
VLAI
Summary
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2547-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/73250 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=1202869 | x_refsource_CONFIRM |
| https://mitls.org/pages/attacks/SMACK#freak | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2015/03/17/9 | mailing-listx_refsource_MLIST |
| http://www.mono-project.com/news/2015/03/07/mono-… | x_refsource_CONFIRM |
| https://www.debian.org/security/2015/dsa-3202 | vendor-advisoryx_refsource_DEBIAN |
| https://github.com/mono/mono/commit/9c38772f09416… | x_refsource_CONFIRM |
Date Public
2015-03-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
},
{
"name": "73250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73250"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mitls.org/pages/attacks/SMACK#freak"
},
{
"name": "[oss-security] 20150317 Re: Mono TLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/"
},
{
"name": "DSA-3202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2015/dsa-3202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
},
{
"name": "73250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73250"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mitls.org/pages/attacks/SMACK#freak"
},
{
"name": "[oss-security] 20150317 Re: Mono TLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/"
},
{
"name": "DSA-3202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2015/dsa-3202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2547-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2547-1"
},
{
"name": "73250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73250"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"name": "https://mitls.org/pages/attacks/SMACK#freak",
"refsource": "MISC",
"url": "https://mitls.org/pages/attacks/SMACK#freak"
},
{
"name": "[oss-security] 20150317 Re: Mono TLS vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"name": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/"
},
{
"name": "DSA-3202",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2015/dsa-3202"
},
{
"name": "https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2319",
"datePublished": "2018-01-08T19:00:00.000Z",
"dateReserved": "2015-03-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:10:15.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2318 (GCVE-0-2015-2318)
Vulnerability from cvelistv5 – Published: 2018-01-08 19:00 – Updated: 2024-08-06 05:10
VLAI
Summary
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2547-1 | vendor-advisoryx_refsource_UBUNTU |
| https://mitls.org/pages/attacks/SMACK#skip | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1202869 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/73253 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2015/03/17/9 | mailing-listx_refsource_MLIST |
| http://www.mono-project.com/news/2015/03/07/mono-… | x_refsource_CONFIRM |
| https://www.debian.org/security/2015/dsa-3202 | vendor-advisoryx_refsource_DEBIAN |
| https://github.com/mono/mono/commit/1509226c41d74… | x_refsource_CONFIRM |
Date Public
2015-03-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:16.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mitls.org/pages/attacks/SMACK#skip"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"name": "73253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73253"
},
{
"name": "[oss-security] 20150317 Re: Mono TLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/"
},
{
"name": "DSA-3202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2015/dsa-3202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a \"SMACK SKIP-TLS\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2547-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mitls.org/pages/attacks/SMACK#skip"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"name": "73253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73253"
},
{
"name": "[oss-security] 20150317 Re: Mono TLS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/"
},
{
"name": "DSA-3202",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2015/dsa-3202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a \"SMACK SKIP-TLS\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2547-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2547-1"
},
{
"name": "https://mitls.org/pages/attacks/SMACK#skip",
"refsource": "MISC",
"url": "https://mitls.org/pages/attacks/SMACK#skip"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"name": "73253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73253"
},
{
"name": "[oss-security] 20150317 Re: Mono TLS vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"name": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/"
},
{
"name": "DSA-3202",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2015/dsa-3202"
},
{
"name": "https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2318",
"datePublished": "2018-01-08T19:00:00.000Z",
"dateReserved": "2015-03-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:10:16.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1526 (GCVE-0-2010-1526)
Vulnerability from cvelistv5 – Published: 2010-08-24 20:00 – Updated: 2024-08-07 01:28
VLAI
Summary
Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/secunia_research/2010-102/ | x_refsource_MISC |
| http://secunia.com/advisories/40792 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2010-08-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2010-102/"
},
{
"name": "40792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40792"
},
{
"name": "SUSE-SR:2010:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-07T10:00:00.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2010-102/"
},
{
"name": "40792",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40792"
},
{
"name": "SUSE-SR:2010:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-1526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2010-102/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-102/"
},
{
"name": "40792",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40792"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2010-1526",
"datePublished": "2010-08-24T20:00:00.000Z",
"dateReserved": "2010-04-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:28:41.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}