Debian Mono vulnerabilities

CVE-2023-26314 [HIGH] CVE-2023-26314: mono - The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code exec... The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. Scope: local bookworm: resolved (fixed in 6.8.0.105+dfsg-3.3) bullseye: resolved (fixed in 6.8.0.105+dfsg-3.3~deb11u1) forky: resolved (fixed in 6.8.0.105+dfsg-3.3) sid: reso

CVE-2021-32842 [MEDIUM] CVE-2021-32842: mono - SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version... SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the _baseDirectory is not slash terminated like `/home/user/dir` it is possible to create a file with a name

CVE-2021-32840 [HIGH] CVE-2021-32840: mono - SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version... SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolv

CVE-2021-32841 [MEDIUM] CVE-2021-32841: mono - SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version... SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins

CVE-2018-1002208 [MEDIUM] CVE-2018-1002208: mono - SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attack... SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. Scope: local bookworm: resolved (fixed in 5.18.0.240+dfsg-1) bullseye: resolved (fixed in 5.18.0.240+dfsg-1) forky: re

CVE-2015-2320 [CRITICAL] CVE-2015-2320: mono - The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified ... The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. Scope: local bookworm: resolved (fixed in 3.2.8+dfsg-10) bullseye: resolved (fixed in 3.2.8+dfsg-10) forky: resolved (fixed in 3.2.8+dfsg-10) sid: resolved (fixed in 3.2.8+dfsg-10) trixie: resolved (fixed in 3.2.8+dfsg-10)

CVE-2015-2318 [HIGH] CVE-2015-2318: mono - The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduc... The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. Scope: local bookworm: resolved (fixed in 3.2.8+dfsg-10) bullseye: resolved (fixed in 3.2.8+dfsg-10) forky: resolved (fixed in 3.2.8+dfsg-10) sid: re

CVE-2015-2319 [MEDIUM] CVE-2015-2319: mono - The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to cond... The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. Scope: local bookworm: resolved (fixed in 3.2.8+dfsg-10) bullseye: resolved (fixed in 3.2.8+dfsg-10) forky: resolved (fixed in 3.2.8+dfsg-1

CVE-2012-3543 [HIGH] CVE-2012-3543: mono - mono 2.10.x ASP.NET Web Form Hash collision DoS mono 2.10.x ASP.NET Web Form Hash collision DoS Scope: local bookworm: resolved (fixed in 2.10.8.1-7) bullseye: resolved (fixed in 2.10.8.1-7) forky: resolved (fixed in 2.10.8.1-7) sid: resolved (fixed in 2.10.8.1-7) trixie: resolved (fixed in 2.10.8.1-7)

CVE-2012-3382 [MEDIUM] CVE-2012-3382: mono - Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/c... Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. Scope: local bookworm: resolved (fixed in

CVE-2011-0990 [MEDIUM] CVE-2011-0990: mono - Race condition in the FastCopy optimization in the Array.Copy method in metadata... Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media f

CVE-2011-0991 [MEDIUM] CVE-2011-0991: mono - Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x bef... Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resol

CVE-2011-0992 [MEDIUM] CVE-2011-0992: mono - Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x bef... Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2011-0989 [MEDIUM] CVE-2011-0989: mono - The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moon... The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media fil

CVE-2010-4159 [MEDIUM] CVE-2010-4159: mono - Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier... Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. Scope: local bookworm: resolved (fixed in 2.6.7-4) bullseye: resolved (fixed in 2.6.7-4) forky: resolved (fixed in 2.6.7-4) sid: resolved (fixed in 2.6.7-4) trixie: resolved (fixed in

CVE-2010-4225 [MEDIUM] CVE-2010-4225: mono - Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.... Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." Scope: local bookworm: resolved (fixed in 2.6.7-5) bullseye: resolved (fixed in 2.6.7-5) forky: resolved (fixed in 2.6.7-5) sid: resolved (fixed in 2.6.7

CVE-2010-1459 [MEDIUM] CVE-2010-1459: mono - The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE f... The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. Scope: local bookworm: resolved (fixed in 2.4.4~svn151842-3) bullseye: resolved (fi

CVE-2009-0217 [MEDIUM] CVE-2009-0217: mono - The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendati... The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML

CVE-2009-0689 [MEDIUM] CVE-2009-0689: mono - Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the... Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, al

CVE-2008-3906 [MEDIUM] CVE-2008-3906: mono - CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote at... CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. Scope: local bookworm: resolved (fixed in 1.9.1+dfsg-4) bullseye: resolved (fixed in 1.9.1+dfsg-4) forky: resolved (fixed in 1.9.1+dfsg-4) sid: resolved (fixed in 1.9