Vulnerabilities > Mono Project

DATE CVE VULNERABILITY TITLE RISK
2023-02-22 CVE-2023-26314 The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.
network
low complexity
mono-project debian
8.8
2019-11-21 CVE-2012-3543 Improper Input Validation vulnerability in multiple products
mono 2.10.x ASP.NET Web Form Hash collision DoS
network
low complexity
mono-project canonical debian CWE-20
7.5
2019-04-09 CVE-2019-0757 A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
network
low complexity
microsoft mono-project redhat
6.5
2018-01-08 CVE-2015-2320 Improper Certificate Validation vulnerability in multiple products
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
network
low complexity
mono-project debian CWE-295
critical
9.8
2018-01-08 CVE-2015-2319 Improper Certificate Validation vulnerability in Mono-Project Mono
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
network
low complexity
mono-project CWE-295
7.5
2018-01-08 CVE-2015-2318 Improper Certificate Validation vulnerability in multiple products
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.
network
high complexity
mono-project debian CWE-295
8.1