Mono

mono

21 CVEs • 3 products

Products (3)

Click to collapse

Toggle

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-12471 1Mono 1Monox Nov 21, 2024 Apr 29, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadMo...Show more MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.Show less
CVE-2020-12470 1Mono 1Monox Nov 21, 2024 Apr 29, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template.
CVE-2020-12473 1Mono 1Monox Nov 21, 2024 Apr 29, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program.
CVE-2020-12472 1Mono 1Monox Nov 21, 2024 Apr 29, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.
CVE-2012-3382 1Mono 1Mono Apr 29, 2026 Jul 12, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML...Show more Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.Show less
CVE-2011-0992 2Mono Novell 2Mono Moonlight Apr 29, 2026 Apr 13, 2011 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related...Show more Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.Show less
CVE-2011-0991 2Mono Novell 2Mono Moonlight Apr 29, 2026 Apr 13, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to fi...Show more Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.Show less
CVE-2011-0990 2Mono Novell 2Mono Moonlight Apr 29, 2026 Apr 13, 2011 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and mod...Show more Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.Show less
CVE-2011-0989 2Mono Novell 2Mono Moonlight Apr 29, 2026 Apr 13, 2011 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal...Show more The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.Show less
CVE-2010-4225 1Mono 1Mono Apr 29, 2026 Jan 11, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."
CVE-2010-4254 2Mono Novell 2Mono Moonlight Apr 29, 2026 Dec 6, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary...Show more Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.Show less
CVE-2010-4159 1Mono 1Mono Apr 29, 2026 Nov 17, 2010 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2010-1459 1Mono 1Mono Apr 29, 2026 May 27, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VI...Show more The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.Show less
CVE-2008-3906 2Mono Mono Project 2Mono Mono Apr 23, 2026 Sep 4, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
CVE-2008-3422 2Mono Mono Project 2Mono Mono Apr 23, 2026 Jul 31, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.c...Show more Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).Show less
CVE-2007-5197 1Mono 1Mono Apr 23, 2026 Nov 2, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
CVE-2007-5473 1Mono 1Mono Apr 23, 2026 Oct 18, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not...Show more StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.Show less
CVE-2006-6104 1Mono 1Xsp Apr 23, 2026 Dec 21, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read...Show more The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.Show less
CVE-2006-5072 1Mono 1Mono Apr 23, 2026 Oct 10, 2006 N/A· v4 N/A· v3 6.2 MEDIUM· v2 The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.
CVE-2006-2658 2Mono Suse 3Suse Linux Suse Open Enterprise ServerXsp Apr 16, 2026 Sep 12, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .....Show more Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.Show less

12 Next