Vulnerabilities > Mono
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-29 | CVE-2020-12471 | Deserialization of Untrusted Data vulnerability in Mono Monox 5.1.40.5152: MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. | 7.5 |
2020-04-29 | CVE-2020-12470 | Files or Directories Accessible to External Parties vulnerability in Mono Monox 5.1.40.5152: MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. | 6.5 |
2020-04-29 | CVE-2020-12473 | Improper Privilege Management vulnerability in Mono Monox 5.1.40.5152: MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. | 9.0 |
2020-04-29 | CVE-2020-12472 | Cross-site Scripting vulnerability in Mono Monox 5.1.40.5152: MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. | 3.5 |
2012-07-12 | CVE-2012-3382 | Cross-Site Scripting vulnerability in Mono: Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. | 4.3 |
2011-04-13 | CVE-2011-0992 | Resource Management Errors vulnerability in multiple products: Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. | 5.8 |
2011-04-13 | CVE-2011-0991 | Resource Management Errors vulnerability in multiple products: Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance. | 6.8 |
2011-04-13 | CVE-2011-0990 | Race Condition vulnerability in multiple products: Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action. | 5.8 |
2011-04-13 | CVE-2011-0989 | Permissions, Privileges, and Access Controls vulnerability in multiple products: The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct. | 5.8 |
2011-01-11 | CVE-2010-4225 | Information Exposure vulnerability in Mono 2.8/2.8.1: Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." | 5.0 |