Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2320 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | |||||
CVE-2015-2319 | 1 Mono-project | 1 Mono | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | |||||
CVE-2015-2318 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | |||||
CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
mono 2.10.x ASP.NET Web Form Hash collision DoS | |||||
CVE-2023-26314 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2024-02-28 | N/A | 8.8 HIGH |
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. |