Debian Mono vulnerabilities

26 known vulnerabilities affecting debian/mono.

Total CVEs: 26
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 10, LOW 11

Vulnerabilities

Page 2 of 2
CVE-2008-3422 | LOW | CVSS 4.3 | fixed in mono 1.9.1+dfsg-4 (bookworm) | 2008
CVE-2008-3422 [MEDIUM] mono: Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes
debian
CVE-2007-5197 | HIGH | CVSS 7.5 | fixed in mono 1.2.5.1-2 (bookworm) | 2007
CVE-2007-5197 [HIGH] mono: Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
Scope: local. bookworm: resolved (fixed in 1.2.5.1-2); bullseye: resolved (fixed in 1.2.5.1-2); forky: resolved (fixed in 1.2.5.1-2); sid: resolved (fixed in 1.2.5
debian
CVE-2007-5473 | LOW | CVSS 5.0 | 2007
CVE-2007-5473 [MEDIUM] mono: StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2006-5072 | MEDIUM | CVSS 6.2 | fixed in mono 1.1.17.1-5 (bookworm) | 2006
CVE-2006-5072 [MEDIUM] mono: The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.
Scope: local. bookworm: resolved (fixed in 1.1.17.1-5); bullseye: resolved (fixed in 1.1.17.1-5); forky: resolved (fixed in 1.1.17.1-5); sid: resolved (fixed in 1.1.17.1-5)
debian
CVE-2006-6104 | LOW | CVSS 5.0 | PoC | fixed in mono 1.2.2.1-1 (bookworm) | 2006
CVE-2006-6104 [MEDIUM] mono: The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
Scope: local. bookworm: resolved (fixed in 1.2.2.1-1); bullseye: resolved (fixed in 1.2.2.1-1); forky: resol
debian
CVE-2005-0509 | MEDIUM | CVSS 4.3 | fixed in mono 1.1.6-4 (bookworm) | 2005
CVE-2005-0509 [MEDIUM] mono: Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
Scope: local. bookworm: resolved (fixed in 1.1.6-4); bullseye: resolved (fixed
debian