Mono-Project Mono vulnerabilities

CVE-2023-26314 [HIGH] CVE-2023-26314: The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the ap The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

CVE-2015-2320 [CRITICAL] CWE-295 CVE-2015-2320: The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors r The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.

CVE-2015-2319 [HIGH] CVE-2015-2319: The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

CVE-2015-2318 [HIGH] CWE-295 CVE-2015-2318: The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping a The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.