Vulnerabilities > Novell > Moonlight > 2.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-04-13 | CVE-2011-0992 | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. | 5.8 |
2011-04-13 | CVE-2011-0991 | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance. | 6.8 |
2011-04-13 | CVE-2011-0990 | Race Condition vulnerability in multiple products Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action. | 5.8 |
2011-04-13 | CVE-2011-0989 | Permissions, Privileges, and Access Controls vulnerability in multiple products The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct. | 5.8 |