All the vulnerabilites related to mono - mono
Vulnerability from fkie_nvd
Published
2007-11-02 16:46
Modified
2024-11-21 00:37
Severity ?
Summary
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:suse_linux_openexchange_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "042AF078-032E-4058-9BB1-362A0AADDD92",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*",
"matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*",
"matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*",
"matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*",
"matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*",
"matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*",
"matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s390:*:*:*:*:*",
"matchCriteriaId": "4567FE5A-5061-4741-AA6D-4AB365579F8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*",
"matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24818450-FDA1-429A-AC17-68F44F584217",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02EE2D72-B1E6-4380-80B0-E40A23DDD115",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "D2E2EF3C-1379-4CBE-8FF5-DACD47834651",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:8.0:*:retail_solution:*:*:*:*:*",
"matchCriteriaId": "9E4D356D-E894-4957-AD61-DA1145CC51FF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10:*:enterprise_desktop:*:*:*:*:*",
"matchCriteriaId": "DC55429E-B607-402D-A491-0EFE7D522F2A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "C69ED2AB-9E0D-43B3-90F3-E2E10A5B1773",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_desktop:*:*:*:*:*",
"matchCriteriaId": "C4F119BA-1FCA-41DF-B834-62F14CA8816E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.0:*:personal:*:*:*:*:*",
"matchCriteriaId": "2B3DC9CF-50E3-4E4D-9C42-715F81A588DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.0:*:ppc:*:*:*:*:*",
"matchCriteriaId": "96F0EAC3-9AC5-4575-80BB-00485619AE51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.0:*:professional:*:*:*:*:*",
"matchCriteriaId": "994ABCE2-3B9E-4E4E-83F7-CE2A79C70F64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.0:*:x86:*:*:*:*:*",
"matchCriteriaId": "CF733F56-9793-4C72-AB61-3A4AA9C468C7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "3FBC151E-D478-43FA-B5BD-1D8B25C703E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.1:*:personal:*:*:*:*:*",
"matchCriteriaId": "6A8AC384-D568-46AA-8B4C-4CCCE472BAA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "84B05DB5-3BF9-4576-970B-A1701FC369AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.1:*:professional:*:*:*:*:*",
"matchCriteriaId": "397B7AE2-248A-4D89-A562-CAA3AD66C862",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.1:*:x86:*:*:*:*:*",
"matchCriteriaId": "F15CDDE2-BA9E-4B8D-8B01-21494360290E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.1:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "5B367EE1-EB53-4DC6-B154-FFA99060DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.2:*:personal:*:*:*:*:*",
"matchCriteriaId": "51054FD3-ECBE-41B5-BF33-1A4B5DF5FB36",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.2:*:professional:*:*:*:*:*",
"matchCriteriaId": "20C0890B-643B-49C9-B066-8F7D0DF1D0A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_united_linux:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF777CD-BB4F-4F21-A58E-4A42BD7DDE6A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9A924D-4CB8-4081-9C9E-FC72DB869A7E",
"versionEndIncluding": "1.2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B31A3175-7CC6-4367-9A3C-F3324156C818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB77289-2AED-4BD4-9578-FEB0EC83701E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4299404-6C79-4B21-BB8C-115FA1E3AC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "919CAD10-2F17-4F94-8116-815E77F5E998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "19877D33-5DBF-40D7-87CB-545558C64771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F64E7267-E010-4FC8-879A-448C85BC250B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "683F75A5-E4E4-4416-8E1C-A2C694A30BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3CDD7-8553-4CB7-A0A7-B059B4D75B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2C11F2-2A21-481E-8350-F3777A0A8033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC21FA7-648F-4E41-962B-664140FA4812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FF02E9-070C-4AAA-ABB7-26FC9E56C7A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods."
},
{
"lang": "es",
"value": "El desbordamiento de b\u00fafer en la clase Mono.Math.BigInteger en Mono versi\u00f3n 1.2.5.1 y anteriores permite que los atacantes dependiendo del contexto ejecutar c\u00f3digo arbitrario por medio de vectores no espec\u00edficos relacionados a Reduce en m\u00e9todos Pow basados en Montgomery."
}
],
"id": "CVE-2007-5197",
"lastModified": "2024-11-21T00:37:21.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-02T16:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27439"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27493"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27511"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27583"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27612"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27639"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27937"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1397"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26279"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018892"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-553-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3716"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-553-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-11 03:00
Modified
2024-11-21 01:20
Severity ?
Summary
Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "44241D62-3150-4C7E-A0D7-5580E8784715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "657BD07A-8EF8-4977-9BDF-E78FF8E9EA53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el m\u00f3dulo mod_mono para XSP en Mono v2.8.x anterior a v2.8.2, permite a atacantes remotos obtener el c\u00f3digo fuente de aplicaciones .aspx (ASP.NET) a trav\u00e9s de vectores desconocidos relacionados con un \"error de descarga\"."
}
],
"id": "CVE-2010-4225",
"lastModified": "2024-11-21T01:20:29.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-11T03:00:03.453",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/70312"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42842"
},
{
"source": "cve@mitre.org",
"url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/45711"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0051"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-13 21:55
Modified
2024-11-21 01:25
Severity ?
Summary
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E062208D-082B-4BFD-85CA-3848ECE6F8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "711824C0-5BFC-4D3A-BAB2-84B8F20BDD7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C74F2C01-7E26-474A-B8CA-EFCC5C91D83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "704EB745-3307-4903-8B3B-DCC6682EE228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6358-630E-43FA-B2B8-C99A8808BB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AADDCD5B-D116-4BFC-BD2B-4EB6F4470359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*",
"matchCriteriaId": "21676825-737D-4071-A7F1-BFB6047215F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
},
{
"lang": "es",
"value": "Vulnerabilidad de tipo usar despu\u00e9s de liberar en Mono, si Moonlight v2.x anteriores a 2.4.1 o 3.x anteriores a 3.99.3 es utilizado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda o cuelgue del plugin) u obtener informaci\u00f3n confidencial a trav\u00e9s de datos miembros de una instancia \"resurrected MonoThread\"."
}
],
"id": "CVE-2011-0992",
"lastModified": "2024-11-21T01:25:15.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-04-13T21:55:00.890",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44002"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44076"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-11-17 16:00
Modified
2024-11-21 01:20
Severity ?
Summary
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mono | mono | * | |
| mono | mono | 1.0 | |
| mono | mono | 1.0.1 | |
| mono | mono | 1.0.2 | |
| mono | mono | 1.0.4 | |
| mono | mono | 1.0.5 | |
| mono | mono | 1.0.6 | |
| mono | mono | 1.1.1 | |
| mono | mono | 1.1.2 | |
| mono | mono | 1.1.3 | |
| mono | mono | 1.1.4 | |
| mono | mono | 1.1.5 | |
| mono | mono | 1.1.6 | |
| mono | mono | 1.1.7 | |
| mono | mono | 1.1.8 | |
| mono | mono | 1.1.8.1 | |
| mono | mono | 1.1.8.3 | |
| mono | mono | 1.1.9 | |
| mono | mono | 1.1.9.1 | |
| mono | mono | 1.1.9.2 | |
| mono | mono | 1.1.10 | |
| mono | mono | 1.1.10.1 | |
| mono | mono | 1.1.11 | |
| mono | mono | 1.1.12 | |
| mono | mono | 1.1.12.1 | |
| mono | mono | 1.1.13 | |
| mono | mono | 1.1.13.2 | |
| mono | mono | 1.1.13.4 | |
| mono | mono | 1.1.13.5 | |
| mono | mono | 1.1.13.6 | |
| mono | mono | 1.1.13.7 | |
| mono | mono | 1.1.13.8 | |
| mono | mono | 1.1.13.8.1 | |
| mono | mono | 1.1.14 | |
| mono | mono | 1.1.15 | |
| mono | mono | 1.1.16 | |
| mono | mono | 1.1.16.1 | |
| mono | mono | 1.1.17 | |
| mono | mono | 1.1.17.1 | |
| mono | mono | 1.1.17.2 | |
| mono | mono | 1.1.18 | |
| mono | mono | 1.2 | |
| mono | mono | 1.2.1 | |
| mono | mono | 1.2.2 | |
| mono | mono | 1.2.2.1 | |
| mono | mono | 1.2.3 | |
| mono | mono | 1.2.3.1 | |
| mono | mono | 1.2.4 | |
| mono | mono | 1.2.5 | |
| mono | mono | 1.2.5.1 | |
| mono | mono | 1.2.5.2 | |
| mono | mono | 1.2.6 | |
| mono | mono | 1.9 | |
| mono | mono | 1.9.1 | |
| mono | mono | 2.0 | |
| mono | mono | 2.0.1 | |
| mono | mono | 2.2 | |
| mono | mono | 2.4 | |
| mono | mono | 2.4.2 | |
| mono | mono | 2.4.2.1 | |
| mono | mono | 2.4.2.2 | |
| mono | mono | 2.4.2.3 | |
| mono | mono | 2.4.3 | |
| mono | mono | 2.6 | |
| mono | mono | 2.6.3 | |
| mono | mono | 2.6.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C76ECD3-F1FA-4783-8E0A-919EA4042D73",
"versionEndIncluding": "2.6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B31A3175-7CC6-4367-9A3C-F3324156C818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3309DF2-A3A7-4016-95D9-ABB4230083FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "098D040B-CD80-41A6-A3DF-06C379BCABA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "293D8EF8-8A6B-4EBE-B145-C909ADBE32E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB77289-2AED-4BD4-9578-FEB0EC83701E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CA1D2C56-70EA-48F4-A3B3-1080DF8ABC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E03067-D1B7-427A-8800-A40DDAF466FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "23B3DD31-D316-422F-A3E4-9C7D85E0F26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42E75C91-A3D2-479B-9F3F-B97BC75A5B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4299404-6C79-4B21-BB8C-115FA1E3AC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "944E7E22-41CA-4E2D-B31A-E602B41C34A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F638AC-EBDC-4886-B798-42D12557573A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6384D7-7899-4D7F-B478-BDEDDA415054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DEAABB-265B-45B3-8A87-86EB5CCEAE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1B76E4-C12D-4BC6-8745-1AB5C5F32B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "919CAD10-2F17-4F94-8116-815E77F5E998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F79FC32-28BB-44F7-AA6E-E15B24692483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0546335-1EEF-4946-8B94-69F91697D511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D24AC82-5BCE-4D9F-8DF1-24BE6C255553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A85E81-0778-46B1-A932-C14B6DC08A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82CA587E-7272-4C7C-90D3-D0CCBAA76348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "30593717-0C0E-4F05-8690-4A47CA724C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "723D4817-BB5F-4D65-9258-B0E2992F2738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A986CA3E-05A4-4D42-86E4-A7AA3A20298B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "19877D33-5DBF-40D7-87CB-545558C64771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "29CFCD33-C188-409F-B07A-1F1A064894DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F64E7267-E010-4FC8-879A-448C85BC250B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4D32E8-B90B-432D-B6A3-5F9DDEECC206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "683F75A5-E4E4-4416-8E1C-A2C694A30BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3CDD7-8553-4CB7-A0A7-B059B4D75B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7AE533-E1E8-494F-BE86-0BFDF30AD3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB26E71-AC67-4B9E-BDAE-835DA8C2C443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C9252266-4293-49E3-9492-67F4AF80335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "2D22A05F-650E-484D-9F78-8C821EA103E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0034178B-13CC-43A0-BBBA-988EC558DA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5014D928-E0E3-4B75-B4B8-44D193446505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2C11F2-2A21-481E-8350-F3777A0A8033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC21FA7-648F-4E41-962B-664140FA4812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9788C5D4-ECD7-4F2E-BE0F-F4FFE626A3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FF02E9-070C-4AAA-ABB7-26FC9E56C7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4FE4B4-7514-460F-AD14-40184115092A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA11C84-3102-429E-951A-698CE023FDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6003FD8-B371-44AE-B565-6205F68117A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1FD98F-ED5D-4247-BC79-1FABC1684557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87E41880-769F-499E-AFB3-62B78AB765F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F5558CC-9D71-472C-B9B5-20481A333AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0895ECCA-B8B3-46BD-9ADE-258AAF205D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3AB679-5630-4F0B-9DF7-D64AFA970D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC72C972-FF09-4A5D-9AD4-A422EDADF5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28E60798-6722-4B4F-B06E-7C1E1FDF92EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "66E14236-3F37-4047-A3EF-32E9923C35FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "18C24C8F-0967-4C1B-8F19-696707C2064B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D28CEA5-CA8A-4830-A134-1589AD98B334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4BB536F-79EB-42AF-B17B-49BE47CFC215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE2CA7F0-C5ED-450D-BAEE-300E27AAD13D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A08F0EFF-9F4D-4DD3-BD55-71F34B70648B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A12EEE2B-E956-4889-9C55-F23968C17E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E59557D-42A7-4189-97DD-45F31DC1AB6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6DFB1E-1DBD-459C-95FE-841253F4F6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E95734E0-1349-4C3C-9557-ADEEA1014C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFBAA1F5-522B-4357-B9E8-FC15053C75A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B25BDA5E-E1AB-4C9A-A53B-B8863F2A2A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD925F27-45C0-4319-A199-433289742952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8C5613-87D1-415D-B918-3CF64C0C40F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "73F75B9D-3DC1-4994-AB23-D0435C222910",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de b\u00fasqueda de ruta no confiable en metadata/loader.c en Mono v2.8, permite a usuarios locales obtener privilegios a trav\u00e9s de un troyano de la biblioteca compartida en el directorio de trabajo actual."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
"id": "CVE-2010-4159",
"lastModified": "2024-11-21T01:20:20.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-11-17T16:00:36.687",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42174"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/44810"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/3059"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/44810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/3059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-06 13:44
Modified
2024-11-21 01:20
Severity ?
Summary
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E062208D-082B-4BFD-85CA-3848ECE6F8CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:moonlight:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4B24CA-B511-49A1-A3F6-5128279D1339",
"versionEndIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.99.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF483675-722E-42AF-9698-4BFBE4987ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.99.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB09C96-4186-4828-AF42-BDAB1D52C510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.99.2:*:*:*:*:*:*:*",
"matchCriteriaId": "925AFBDD-F52F-4D71-B201-1002B0B2924B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.99.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DD682A37-02C5-481B-A1EB-CD8452757E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.99.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AE13D028-0948-4C9C-9EF4-56956ED64006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call."
},
{
"lang": "es",
"value": "Mono, cuando Moonlight en versiones anteriores a la 2.3.0.1 o 2.99.x anteriores a la 2.99.0.10 es utilizado, no valida apropiadamente los argumentos a los m\u00e9todos gen\u00e9ricos. Lo que permite a atacantes remotos evitar las restricciones gen\u00e9ricas y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una llamada a un m\u00e9todo modificado."
}
],
"id": "CVE-2010-4254",
"lastModified": "2024-11-21T01:20:33.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-06T13:44:54.157",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42373"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42877"
},
{
"source": "secalert@redhat.com",
"url": "http://www.exploit-db.com/exploits/15974"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45051"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/15974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-03-14 05:00
Modified
2024-11-20 23:55
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 1.0 | |
| microsoft | .net_framework | 1.0 | |
| microsoft | .net_framework | 1.0 | |
| microsoft | .net_framework | 1.1 | |
| microsoft | .net_framework | 1.1 | |
| mono | mono | 1.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "766661C0-6A35-4F62-8325-3840A75CF3B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "603D5B6B-8BDE-491F-A60E-EFFDC9E0BA10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8C0CBA3B-6BA9-443B-A40A-46CC1994748F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A927C9E-5CCC-4FC1-AE63-24B96A5FC51A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB77289-2AED-4BD4-9578-FEB0EC83701E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \"\u003e\" and \"\u003c\"."
}
],
"id": "CVE-2005-0509",
"lastModified": "2024-11-20T23:55:17.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-03-14T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110867912714913\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110867912714913\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14325"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-12 21:55
Modified
2024-11-21 01:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74ABAAEC-7F7A-4561-9C97-9FD3B4B353E0",
"versionEndIncluding": "2.10.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la funci\u00f3n ProcessRequest en mcs/class/System.Web/System.web/HttpForbiddenHandler.cs en Mono v2.10.8 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un archivo con un nombre modificado y una extensi\u00f3n prohibida, que no es correctamente manipulado en un mensaje de error."
}
],
"id": "CVE-2012-3382",
"lastModified": "2024-11-21T01:40:45.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-07-12T21:55:08.187",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15374367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15374367"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-13 21:55
Modified
2024-11-21 01:25
Severity ?
Summary
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E062208D-082B-4BFD-85CA-3848ECE6F8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "711824C0-5BFC-4D3A-BAB2-84B8F20BDD7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C74F2C01-7E26-474A-B8CA-EFCC5C91D83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "704EB745-3307-4903-8B3B-DCC6682EE228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6358-630E-43FA-B2B8-C99A8808BB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AADDCD5B-D116-4BFC-BD2B-4EB6F4470359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*",
"matchCriteriaId": "21676825-737D-4071-A7F1-BFB6047215F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
},
{
"lang": "es",
"value": "El m\u00e9todo RuntimeHelpers.InitializeArray de metadata/icall.c de Mono, si Moonlight 2.x anterior a 2.4.1 o 3.x anterior a 3.99.3 es utilizado, no restringe apropiadamente los tipos de datos, lo que permite a atacantes remotos modificar las estructuras de datos de s\u00f3lo lectura internas, y provocar una denegaci\u00f3n de servicio (ca\u00edda o cuelgue del plugin) o coromper el estado interno del gestor de seguridad, a trav\u00e9s de un fichero multimedia modificado, como se ha demostrado modificando una struct C#."
}
],
"id": "CVE-2011-0989",
"lastModified": "2024-11-21T01:25:15.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-04-13T21:55:00.737",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44002"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44076"
},
{
"source": "cve@mitre.org",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-13 21:55
Modified
2024-11-21 01:25
Severity ?
Summary
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E062208D-082B-4BFD-85CA-3848ECE6F8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "711824C0-5BFC-4D3A-BAB2-84B8F20BDD7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C74F2C01-7E26-474A-B8CA-EFCC5C91D83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "704EB745-3307-4903-8B3B-DCC6682EE228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6358-630E-43FA-B2B8-C99A8808BB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AADDCD5B-D116-4BFC-BD2B-4EB6F4470359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*",
"matchCriteriaId": "21676825-737D-4071-A7F1-BFB6047215F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en la optimizaci\u00f3n de FastCopy en el m\u00e9todo Array.Copy en metadata/icall.c de Mono, cuando se utiliza Moonlight 2.x anterior a 2.4.1 o 3.x anterior a 3.99.3, permite a atacantes remotos provocar un desbordamiento del b\u00fafer y modificar las estructuras internas de datos, tambi\u00e9n permite provocar una denegaci\u00f3n de servicio (ca\u00edda del plugin) o corromper el estado interno del gestor de seguridad mediante un fichero media manipulado, en el que un hilo realiza un cambio despu\u00e9s de una comprobaci\u00f3n de escritura pero antes de una acci\u00f3n de copiado."
}
],
"id": "CVE-2011-0990",
"lastModified": "2024-11-21T01:25:15.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-04-13T21:55:00.783",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44002"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44076"
},
{
"source": "cve@mitre.org",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-31 21:41
Modified
2024-11-21 00:49
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mono | mono | 1.0 | |
| mono | mono | 1.0.5 | |
| mono | mono | 1.1.4 | |
| mono | mono | 1.1.8.3 | |
| mono | mono | 1.1.13 | |
| mono | mono | 1.1.13.4 | |
| mono | mono | 1.1.13.6 | |
| mono | mono | 1.1.13.7 | |
| mono | mono | 1.1.17 | |
| mono | mono | 1.1.17.1 | |
| mono | mono | 1.1.18 | |
| mono | mono | 1.2.5.1 | |
| mono_project | mono | * | |
| mono_project | mono | 1.2.1 | |
| mono_project | mono | 1.2.2 | |
| mono_project | mono | 1.2.3 | |
| mono_project | mono | 1.2.4 | |
| mono_project | mono | 1.2.5 | |
| mono_project | mono | 1.2.6 | |
| mono_project | mono | 1.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B31A3175-7CC6-4367-9A3C-F3324156C818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB77289-2AED-4BD4-9578-FEB0EC83701E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4299404-6C79-4B21-BB8C-115FA1E3AC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "919CAD10-2F17-4F94-8116-815E77F5E998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "19877D33-5DBF-40D7-87CB-545558C64771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F64E7267-E010-4FC8-879A-448C85BC250B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "683F75A5-E4E4-4416-8E1C-A2C694A30BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3CDD7-8553-4CB7-A0A7-B059B4D75B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2C11F2-2A21-481E-8350-F3777A0A8033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC21FA7-648F-4E41-962B-664140FA4812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FF02E9-070C-4AAA-ABB7-26FC9E56C7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC72C972-FF09-4A5D-9AD4-A422EDADF5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F33FED4-EE33-41EF-8B24-F751D0A9891B",
"versionEndIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "403E554C-FD1B-42CE-82C2-43CC191905DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78278FE6-26EA-4E89-9423-EABA6C4D8877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15E1695E-FD6E-4602-9BD9-9CFFF20574CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "691B3AF1-7F3F-4A7D-9F16-FE6044E33482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DE3739-A2ED-47D7-9AE9-442A95ACFC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDAB5331-AD2E-483C-93C3-8095BBBA0572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CC03DC-14A6-4C45-9511-7CE8E7F727BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren)."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de Secuencias de comandos en sitios cruzados (XSS) de las librer\u00edas de clase ASP.net en Mono 2.0 y versiones anteriores, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de atributos manipulados relacionados con (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), y (5) HtmlSelect (RenderChildren)."
}
],
"id": "CVE-2008-3422",
"lastModified": "2024-11-21T00:49:13.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-31T21:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31338"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31982"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36494"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30471"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/826-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/826-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-04-13 21:55
Modified
2024-11-21 01:25
Severity ?
Summary
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E062208D-082B-4BFD-85CA-3848ECE6F8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "711824C0-5BFC-4D3A-BAB2-84B8F20BDD7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C74F2C01-7E26-474A-B8CA-EFCC5C91D83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "704EB745-3307-4903-8B3B-DCC6682EE228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6358-630E-43FA-B2B8-C99A8808BB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AADDCD5B-D116-4BFC-BD2B-4EB6F4470359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:moonlight:3.99:*:*:*:*:*:*:*",
"matchCriteriaId": "21676825-737D-4071-A7F1-BFB6047215F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en Mono cuando se usa Moonlight v2.x anteriores a v2.4.1 o v3.x anteriores a v3.99.3 , permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente alg\u00fan impacto a trav\u00e9s de vectores relacionados con la finalizaci\u00f3n y luego resucitar una instancia DynamicMethod."
}
],
"id": "CVE-2011-0991",
"lastModified": "2024-11-21T01:25:15.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-04-13T21:55:00.830",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44002"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44076"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-10 04:06
Modified
2024-11-21 00:17
Severity ?
Summary
The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B31A3175-7CC6-4367-9A3C-F3324156C818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4BB536F-79EB-42AF-B17B-49BE47CFC215",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack."
},
{
"lang": "es",
"value": "Las clases System.CodeDom.Compiler en Novell Mono crean archivos temporales con permisos no seguros, lo cual permite a usuarios locales sobreescribir ficheros de su elecci\u00f3n a ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un ataque symlink."
}
],
"id": "CVE-2006-5072",
"lastModified": "2024-11-21T00:17:45.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-10T04:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://fedoranews.org/cms/node/2401"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22237"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22277"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22614"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23154"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23213"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23776"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200611-23.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20340"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/usn-357-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3911"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fedoranews.org/cms/node/2401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200611-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ubuntu.com/usn/usn-357-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-04 17:41
Modified
2024-11-21 00:50
Severity ?
Summary
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mono | mono | 1.0 | |
| mono | mono | 1.0.5 | |
| mono | mono | 1.1.4 | |
| mono | mono | 1.1.8.3 | |
| mono | mono | 1.1.13 | |
| mono | mono | 1.1.13.4 | |
| mono | mono | 1.1.13.6 | |
| mono | mono | 1.1.13.7 | |
| mono | mono | 1.1.17 | |
| mono | mono | 1.1.17.1 | |
| mono | mono | 1.1.18 | |
| mono | mono | 1.2.5.1 | |
| mono_project | mono | * | |
| mono_project | mono | 1.2.1 | |
| mono_project | mono | 1.2.2 | |
| mono_project | mono | 1.2.3 | |
| mono_project | mono | 1.2.4 | |
| mono_project | mono | 1.2.5 | |
| mono_project | mono | 1.2.6 | |
| mono_project | mono | 1.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B31A3175-7CC6-4367-9A3C-F3324156C818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB77289-2AED-4BD4-9578-FEB0EC83701E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4299404-6C79-4B21-BB8C-115FA1E3AC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "919CAD10-2F17-4F94-8116-815E77F5E998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "19877D33-5DBF-40D7-87CB-545558C64771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F64E7267-E010-4FC8-879A-448C85BC250B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "683F75A5-E4E4-4416-8E1C-A2C694A30BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3CDD7-8553-4CB7-A0A7-B059B4D75B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2C11F2-2A21-481E-8350-F3777A0A8033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC21FA7-648F-4E41-962B-664140FA4812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FF02E9-070C-4AAA-ABB7-26FC9E56C7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC72C972-FF09-4A5D-9AD4-A422EDADF5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F33FED4-EE33-41EF-8B24-F751D0A9891B",
"versionEndIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "403E554C-FD1B-42CE-82C2-43CC191905DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78278FE6-26EA-4E89-9423-EABA6C4D8877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15E1695E-FD6E-4602-9BD9-9CFFF20574CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "691B3AF1-7F3F-4A7D-9F16-FE6044E33482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DE3739-A2ED-47D7-9AE9-442A95ACFC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDAB5331-AD2E-483C-93C3-8095BBBA0572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono_project:mono:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CC03DC-14A6-4C45-9511-7CE8E7F727BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en Sys.Web en Mono 2.0 y anteriores, permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP mediante secuencias CRLF en la cadena de consulta(query)."
}
],
"id": "CVE-2008-3906",
"lastModified": "2024-11-21T00:50:24.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-09-04T17:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31643"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36494"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30867"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2443"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/826-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/826-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-18 18:17
Modified
2024-11-21 00:37
Severity ?
Summary
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9A924D-4CB8-4081-9C9E-FC72DB869A7E",
"versionEndIncluding": "1.2.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."
},
{
"lang": "es",
"value": "StaticFileHandler.cs en System.Web de Mono anterior a 1.2.5.2, al ser ejecutado en Windows, permite a atacantes remotos obtener el c\u00f3digo fuente de ficheros sensibles mediante una petici\u00f3n que contiene (1) un espacio o (2) un punto de seguimiento, que no es manejado adecuadamente por XSP."
}
],
"id": "CVE-2007-5473",
"lastModified": "2024-11-21T00:37:58.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-18T18:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/41871"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27349"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26166"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/41871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-05-27 19:00
Modified
2024-11-21 01:14
Severity ?
Summary
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mono | mono | 1.0 | |
| mono | mono | 1.0.1 | |
| mono | mono | 1.0.2 | |
| mono | mono | 1.0.4 | |
| mono | mono | 1.0.5 | |
| mono | mono | 1.0.6 | |
| mono | mono | 1.1.1 | |
| mono | mono | 1.1.2 | |
| mono | mono | 1.1.3 | |
| mono | mono | 1.1.4 | |
| mono | mono | 1.1.5 | |
| mono | mono | 1.1.6 | |
| mono | mono | 1.1.7 | |
| mono | mono | 1.1.8 | |
| mono | mono | 1.1.8.1 | |
| mono | mono | 1.1.8.3 | |
| mono | mono | 1.1.9 | |
| mono | mono | 1.1.9.1 | |
| mono | mono | 1.1.9.2 | |
| mono | mono | 1.1.10 | |
| mono | mono | 1.1.10.1 | |
| mono | mono | 1.1.11 | |
| mono | mono | 1.1.12 | |
| mono | mono | 1.1.12.1 | |
| mono | mono | 1.1.13 | |
| mono | mono | 1.1.13.2 | |
| mono | mono | 1.1.13.4 | |
| mono | mono | 1.1.13.5 | |
| mono | mono | 1.1.13.6 | |
| mono | mono | 1.1.13.7 | |
| mono | mono | 1.1.13.8 | |
| mono | mono | 1.1.13.8.1 | |
| mono | mono | 1.1.14 | |
| mono | mono | 1.1.15 | |
| mono | mono | 1.1.16 | |
| mono | mono | 1.1.16.1 | |
| mono | mono | 1.1.17 | |
| mono | mono | 1.1.17.1 | |
| mono | mono | 1.1.17.2 | |
| mono | mono | 1.1.18 | |
| mono | mono | 1.2 | |
| mono | mono | 1.2.1 | |
| mono | mono | 1.2.2 | |
| mono | mono | 1.2.2.1 | |
| mono | mono | 1.2.3 | |
| mono | mono | 1.2.3.1 | |
| mono | mono | 1.2.4 | |
| mono | mono | 1.2.5 | |
| mono | mono | 1.2.5.1 | |
| mono | mono | 1.2.5.2 | |
| mono | mono | 1.2.6 | |
| mono | mono | 1.9 | |
| mono | mono | 1.9.1 | |
| mono | mono | 2.0 | |
| mono | mono | 2.0.1 | |
| mono | mono | 2.2 | |
| mono | mono | 2.4 | |
| mono | mono | 2.4.2 | |
| mono | mono | 2.4.2.1 | |
| mono | mono | 2.4.2.2 | |
| mono | mono | 2.4.2.3 | |
| mono | mono | 2.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B31A3175-7CC6-4367-9A3C-F3324156C818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3309DF2-A3A7-4016-95D9-ABB4230083FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "098D040B-CD80-41A6-A3DF-06C379BCABA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "293D8EF8-8A6B-4EBE-B145-C909ADBE32E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB77289-2AED-4BD4-9578-FEB0EC83701E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CA1D2C56-70EA-48F4-A3B3-1080DF8ABC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E03067-D1B7-427A-8800-A40DDAF466FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "23B3DD31-D316-422F-A3E4-9C7D85E0F26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42E75C91-A3D2-479B-9F3F-B97BC75A5B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A4299404-6C79-4B21-BB8C-115FA1E3AC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "944E7E22-41CA-4E2D-B31A-E602B41C34A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F638AC-EBDC-4886-B798-42D12557573A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6384D7-7899-4D7F-B478-BDEDDA415054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DEAABB-265B-45B3-8A87-86EB5CCEAE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1B76E4-C12D-4BC6-8745-1AB5C5F32B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "919CAD10-2F17-4F94-8116-815E77F5E998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F79FC32-28BB-44F7-AA6E-E15B24692483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0546335-1EEF-4946-8B94-69F91697D511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D24AC82-5BCE-4D9F-8DF1-24BE6C255553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A85E81-0778-46B1-A932-C14B6DC08A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82CA587E-7272-4C7C-90D3-D0CCBAA76348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "30593717-0C0E-4F05-8690-4A47CA724C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "723D4817-BB5F-4D65-9258-B0E2992F2738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A986CA3E-05A4-4D42-86E4-A7AA3A20298B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "19877D33-5DBF-40D7-87CB-545558C64771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "29CFCD33-C188-409F-B07A-1F1A064894DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F64E7267-E010-4FC8-879A-448C85BC250B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4D32E8-B90B-432D-B6A3-5F9DDEECC206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "683F75A5-E4E4-4416-8E1C-A2C694A30BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE3CDD7-8553-4CB7-A0A7-B059B4D75B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7AE533-E1E8-494F-BE86-0BFDF30AD3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.13.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB26E71-AC67-4B9E-BDAE-835DA8C2C443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C9252266-4293-49E3-9492-67F4AF80335B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "2D22A05F-650E-484D-9F78-8C821EA103E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0034178B-13CC-43A0-BBBA-988EC558DA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5014D928-E0E3-4B75-B4B8-44D193446505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2C11F2-2A21-481E-8350-F3777A0A8033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC21FA7-648F-4E41-962B-664140FA4812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9788C5D4-ECD7-4F2E-BE0F-F4FFE626A3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FF02E9-070C-4AAA-ABB7-26FC9E56C7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4FE4B4-7514-460F-AD14-40184115092A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA11C84-3102-429E-951A-698CE023FDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6003FD8-B371-44AE-B565-6205F68117A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1FD98F-ED5D-4247-BC79-1FABC1684557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87E41880-769F-499E-AFB3-62B78AB765F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F5558CC-9D71-472C-B9B5-20481A333AC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0895ECCA-B8B3-46BD-9ADE-258AAF205D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3AB679-5630-4F0B-9DF7-D64AFA970D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC72C972-FF09-4A5D-9AD4-A422EDADF5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28E60798-6722-4B4F-B06E-7C1E1FDF92EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "66E14236-3F37-4047-A3EF-32E9923C35FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "18C24C8F-0967-4C1B-8F19-696707C2064B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D28CEA5-CA8A-4830-A134-1589AD98B334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4BB536F-79EB-42AF-B17B-49BE47CFC215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE2CA7F0-C5ED-450D-BAEE-300E27AAD13D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A08F0EFF-9F4D-4DD3-BD55-71F34B70648B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A12EEE2B-E956-4889-9C55-F23968C17E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E59557D-42A7-4189-97DD-45F31DC1AB6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA6DFB1E-1DBD-459C-95FE-841253F4F6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E95734E0-1349-4C3C-9557-ADEEA1014C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFBAA1F5-522B-4357-B9E8-FC15053C75A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mono:mono:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B25BDA5E-E1AB-4C9A-A53B-B8863F2A2A40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de ASP.NET de Mono anterior a v2.6.4 tiene valor FALSE en la propiedad EnableViewStateMac, esto permite a atacantes remotos provocar un ataque de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado con el par\u00e1metro \r\n__VIEWSTATE en 2.0/menu/menu1.aspx en el XSP sample project."
}
],
"id": "CVE-2010-1459",
"lastModified": "2024-11-21T01:14:28.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-05-27T19:00:00.953",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/40351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/40351"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2011-0992
Vulnerability from cvelistv5
Published
2011-04-13 21:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66627 | vdb-entry, x_refsource_XF | |
| https://bugzilla.novell.com/show_bug.cgi?id=678515 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=667077 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/47208 | vdb-entry, x_refsource_BID | |
| http://openwall.com/lists/oss-security/2011/04/06/14 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/44002 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mono-project.com/Vulnerabilities | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=694933 | x_refsource_CONFIRM | |
| https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/44076 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2011/0904 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "momo-monothread-info-disclosure(66627)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "momo-monothread-info-disclosure(66627)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "momo-monothread-info-disclosure(66627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=678515",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694933",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"name": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0992",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0990
Vulnerability from cvelistv5
Published
2011-04-13 21:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=667077 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/47208 | vdb-entry, x_refsource_BID | |
| http://openwall.com/lists/oss-security/2011/04/06/14 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/44002 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mono-project.com/Vulnerabilities | x_refsource_CONFIRM | |
| http://secunia.com/advisories/44076 | third-party-advisory, x_refsource_SECUNIA | |
| https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66625 | vdb-entry, x_refsource_XF | |
| http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2011/0904 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"name": "momo-arraycopy-security-bypass(66625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"name": "momo-arraycopy-security-bypass(66625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"name": "momo-arraycopy-security-bypass(66625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0990",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1459
Vulnerability from cvelistv5
Published
2010-05-27 18:32
Modified
2024-08-07 01:28
Severity ?
EPSS score ?
Summary
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting | x_refsource_CONFIRM | |
| http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/40351 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "40351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40351"
},
{
"name": "SUSE-SR:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "40351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40351"
},
{
"name": "SUSE-SR:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
},
{
"name": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx",
"refsource": "MISC",
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "40351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40351"
},
{
"name": "SUSE-SR:2010:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1459",
"datePublished": "2010-05-27T18:32:00",
"dateReserved": "2010-04-16T00:00:00",
"dateUpdated": "2024-08-07T01:28:40.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3906
Vulnerability from cvelistv5
Published
2008-09-04 17:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/30867 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44740 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/36494 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2008/08/27/6 | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2008/2443 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/496845/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=418620 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/826-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://secunia.com/advisories/31643 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:210 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30867",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30867"
},
{
"name": "mono-sysweb-xss(44740)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
},
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
},
{
"name": "ADV-2008-2443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2443"
},
{
"name": "20080930 rPSA-2008-0286-1 mono",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/826-1/"
},
{
"name": "31643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31643"
},
{
"name": "MDVSA-2008:210",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30867",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30867"
},
{
"name": "mono-sysweb-xss(44740)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
},
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
},
{
"name": "ADV-2008-2443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2443"
},
{
"name": "20080930 rPSA-2008-0286-1 mono",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/826-1/"
},
{
"name": "31643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31643"
},
{
"name": "MDVSA-2008:210",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30867"
},
{
"name": "mono-sysweb-xss(44740)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
},
{
"name": "36494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36494"
},
{
"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
},
{
"name": "ADV-2008-2443",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2443"
},
{
"name": "20080930 rPSA-2008-0286-1 mono",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=418620",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
},
{
"name": "USN-826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/826-1/"
},
{
"name": "31643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31643"
},
{
"name": "MDVSA-2008:210",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3906",
"datePublished": "2008-09-04T17:00:00",
"dateReserved": "2008-09-04T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5072
Vulnerability from cvelistv5
Published
2006-10-05 23:00
Modified
2024-08-07 19:32
Severity ?
EPSS score ?
Summary
The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:23.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2006:073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name": "USN-357-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-357-1"
},
{
"name": "mono-systemcodedomcompiler-symlink(29353)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353"
},
{
"name": "22277",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22277"
},
{
"name": "23213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23213"
},
{
"name": "22237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22237"
},
{
"name": "MDKSA-2006:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188"
},
{
"name": "20340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20340"
},
{
"name": "23154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23154"
},
{
"name": "23776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23776"
},
{
"name": "22614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22614"
},
{
"name": "GLSA-200611-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-23.xml"
},
{
"name": "ADV-2006-3911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3911"
},
{
"name": "FEDORA-2007-068",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SA:2006:073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name": "USN-357-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-357-1"
},
{
"name": "mono-systemcodedomcompiler-symlink(29353)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353"
},
{
"name": "22277",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22277"
},
{
"name": "23213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23213"
},
{
"name": "22237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22237"
},
{
"name": "MDKSA-2006:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188"
},
{
"name": "20340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20340"
},
{
"name": "23154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23154"
},
{
"name": "23776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23776"
},
{
"name": "22614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22614"
},
{
"name": "GLSA-200611-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-23.xml"
},
{
"name": "ADV-2006-3911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3911"
},
{
"name": "FEDORA-2007-068",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2401"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2006:073",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name": "USN-357-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-357-1"
},
{
"name": "mono-systemcodedomcompiler-symlink(29353)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353"
},
{
"name": "22277",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22277"
},
{
"name": "23213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23213"
},
{
"name": "22237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22237"
},
{
"name": "MDKSA-2006:188",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188"
},
{
"name": "20340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20340"
},
{
"name": "23154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23154"
},
{
"name": "23776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23776"
},
{
"name": "22614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22614"
},
{
"name": "GLSA-200611-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-23.xml"
},
{
"name": "ADV-2006-3911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3911"
},
{
"name": "FEDORA-2007-068",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2401"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5072",
"datePublished": "2006-10-05T23:00:00",
"dateReserved": "2006-09-28T00:00:00",
"dateUpdated": "2024-08-07T19:32:23.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4159
Vulnerability from cvelistv5
Published
2010-11-17 15:00
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2010/3059 | vdb-entry, x_refsource_VUPEN | |
| http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html | mailing-list, x_refsource_MLIST | |
| http://marc.info/?l=oss-security&m=128941802415318&w=2 | mailing-list, x_refsource_MLIST | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:240 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading | x_refsource_CONFIRM | |
| http://secunia.com/advisories/42174 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.novell.com/show_bug.cgi?id=641915 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/44810 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=oss-security&m=128939912716499&w=2 | mailing-list, x_refsource_MLIST | |
| http://marc.info/?l=oss-security&m=128939873515821&w=2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
},
{
"name": "ADV-2010-3059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3059"
},
{
"name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
},
{
"name": "MDVSA-2010:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
},
{
"name": "42174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
},
{
"name": "44810",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44810"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
},
{
"name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-07T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
},
{
"name": "ADV-2010-3059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3059"
},
{
"name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
},
{
"name": "MDVSA-2010:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
},
{
"name": "42174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
},
{
"name": "44810",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44810"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
},
{
"name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4159",
"datePublished": "2010-11-17T15:00:00",
"dateReserved": "2010-11-04T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4225
Vulnerability from cvelistv5
Published
2011-01-11 01:00
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2011/0051 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/45711 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64532 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/70312 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/42842 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0051",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0051"
},
{
"name": "45711",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45711"
},
{
"name": "mono-modmono-source-disclosure(64532)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
},
{
"name": "70312",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70312"
},
{
"name": "42842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2011-0051",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0051"
},
{
"name": "45711",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45711"
},
{
"name": "mono-modmono-source-disclosure(64532)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
},
{
"name": "70312",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70312"
},
{
"name": "42842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0051",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0051"
},
{
"name": "45711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45711"
},
{
"name": "mono-modmono-source-disclosure(64532)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
},
{
"name": "70312",
"refsource": "OSVDB",
"url": "http://osvdb.org/70312"
},
{
"name": "42842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42842"
},
{
"name": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4225",
"datePublished": "2011-01-11T01:00:00",
"dateReserved": "2010-11-10T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5473
Vulnerability from cvelistv5
Published
2007-10-18 18:00
Modified
2024-08-07 15:31
Severity ?
EPSS score ?
Summary
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/26166 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/41871 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/27349 | third-party-advisory, x_refsource_SECUNIA | |
| http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37341 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26166"
},
{
"name": "41871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41871"
},
{
"name": "27349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27349"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
},
{
"name": "mono-staticfilehandler-info-disclosure(37341)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26166"
},
{
"name": "41871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41871"
},
{
"name": "27349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27349"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
},
{
"name": "mono-staticfilehandler-info-disclosure(37341)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26166"
},
{
"name": "41871",
"refsource": "OSVDB",
"url": "http://osvdb.org/41871"
},
{
"name": "27349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27349"
},
{
"name": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs",
"refsource": "CONFIRM",
"url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
},
{
"name": "mono-staticfilehandler-info-disclosure(37341)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5473",
"datePublished": "2007-10-18T18:00:00",
"dateReserved": "2007-10-16T00:00:00",
"dateUpdated": "2024-08-07T15:31:58.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0991
Vulnerability from cvelistv5
Published
2011-04-13 21:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
},
{
"name": "momo-dynamicmethod-code-execution(66626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
},
{
"name": "momo-dynamicmethod-code-execution(66626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=660422",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
},
{
"name": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
},
{
"name": "momo-dynamicmethod-code-execution(66626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0991",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3543
Vulnerability from cvelistv5
Published
2019-11-21 14:00
Modified
2024-08-06 20:13
Severity ?
EPSS score ?
Summary
mono 2.10.x ASP.NET Web Form Hash collision DoS
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2012-3543 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543 | x_refsource_MISC | |
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2012-3543 | x_refsource_MISC | |
| https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2012/08/28/14 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/55251 | x_refsource_MISC | |
| http://www.ubuntu.com/usn/USN-2547-1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mono",
"vendor": "mono",
"versions": [
{
"status": "affected",
"version": "2.10.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mono 2.10.x ASP.NET Web Form Hash collision DoS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hash collision issue",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T14:00:56",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/55251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3543",
"datePublished": "2019-11-21T14:00:56",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:13:50.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0509
Vulnerability from cvelistv5
Published
2005-02-22 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=110867912714913&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/14325 | third-party-advisory, x_refsource_SECUNIA | |
| http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050217 XSS vulnerabilty in ASP.Net [with details]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110867912714913\u0026w=2"
},
{
"name": "14325",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14325"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \"\u003e\" and \"\u003c\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050217 XSS vulnerabilty in ASP.Net [with details]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110867912714913\u0026w=2"
},
{
"name": "14325",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14325"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \"\u003e\" and \"\u003c\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050217 XSS vulnerabilty in ASP.Net [with details]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110867912714913\u0026w=2"
},
{
"name": "14325",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14325"
},
{
"name": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml",
"refsource": "MISC",
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0509",
"datePublished": "2005-02-22T05:00:00",
"dateReserved": "2005-02-22T00:00:00",
"dateUpdated": "2024-08-07T21:13:54.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3422
Vulnerability from cvelistv5
Published
2008-07-31 21:00
Modified
2024-08-07 09:37
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/36494 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/31982 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.novell.com/show_bug.cgi?id=413534 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/31338 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44229 | vdb-entry, x_refsource_XF | |
| http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/30471 | vdb-entry, x_refsource_BID | |
| https://usn.ubuntu.com/826-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "31338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31338"
},
{
"name": "mono-aspnet-xss(44229)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
},
{
"name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
},
{
"name": "30471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30471"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/826-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "31338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31338"
},
{
"name": "mono-aspnet-xss(44229)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
},
{
"name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
},
{
"name": "30471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30471"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/826-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36494"
},
{
"name": "31982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31982"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=413534",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
},
{
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "31338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31338"
},
{
"name": "mono-aspnet-xss(44229)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
},
{
"name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
"refsource": "MLIST",
"url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
},
{
"name": "30471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30471"
},
{
"name": "USN-826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/826-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3422",
"datePublished": "2008-07-31T21:00:00",
"dateReserved": "2008-07-31T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5197
Vulnerability from cvelistv5
Published
2007-11-02 16:00
Modified
2024-08-07 15:24
Severity ?
EPSS score ?
Summary
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200711-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
},
{
"name": "mono-big-integer-bo(38248)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
},
{
"name": "27493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27493"
},
{
"name": "26279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
},
{
"name": "ADV-2007-3716",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
},
{
"name": "27583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27583"
},
{
"name": "1018892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018892"
},
{
"name": "27937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27937"
},
{
"name": "27511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27511"
},
{
"name": "27639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27639"
},
{
"name": "FEDORA-2007-3130",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
},
{
"name": "USN-553-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-553-1"
},
{
"name": "MDKSA-2007:218",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27439"
},
{
"name": "27612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27612"
},
{
"name": "DSA-1397",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1397"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200711-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
},
{
"name": "mono-big-integer-bo(38248)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
},
{
"name": "27493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27493"
},
{
"name": "26279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
},
{
"name": "ADV-2007-3716",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
},
{
"name": "27583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27583"
},
{
"name": "1018892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018892"
},
{
"name": "27937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27937"
},
{
"name": "27511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27511"
},
{
"name": "27639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27639"
},
{
"name": "FEDORA-2007-3130",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
},
{
"name": "USN-553-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-553-1"
},
{
"name": "MDKSA-2007:218",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27439"
},
{
"name": "27612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27612"
},
{
"name": "DSA-1397",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1397"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200711-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
},
{
"name": "mono-big-integer-bo(38248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
},
{
"name": "27493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27493"
},
{
"name": "26279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26279"
},
{
"name": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
},
{
"name": "ADV-2007-3716",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3716"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=197067",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
},
{
"name": "27583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27583"
},
{
"name": "1018892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018892"
},
{
"name": "27937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27937"
},
{
"name": "27511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27511"
},
{
"name": "27639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27639"
},
{
"name": "FEDORA-2007-3130",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
},
{
"name": "USN-553-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-553-1"
},
{
"name": "MDKSA-2007:218",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=367471",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
},
{
"name": "27439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27439"
},
{
"name": "27612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27612"
},
{
"name": "DSA-1397",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1397"
},
{
"name": "SUSE-SR:2007:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5197",
"datePublished": "2007-11-02T16:00:00",
"dateReserved": "2007-10-04T00:00:00",
"dateUpdated": "2024-08-07T15:24:42.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0989
Vulnerability from cvelistv5
Published
2011-04-13 21:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=667077 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/47208 | vdb-entry, x_refsource_BID | |
| http://openwall.com/lists/oss-security/2011/04/06/14 | mailing-list, x_refsource_MLIST | |
| https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e | x_refsource_CONFIRM | |
| http://secunia.com/advisories/44002 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mono-project.com/Vulnerabilities | x_refsource_CONFIRM | |
| http://secunia.com/advisories/44076 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html | mailing-list, x_refsource_MLIST | |
| http://www.vupen.com/english/advisories/2011/0904 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66624 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "momo-runtime-security-bypass(66624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "momo-runtime-security-bypass(66624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "momo-runtime-security-bypass(66624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0989",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3382
Vulnerability from cvelistv5
Published
2012-07-12 21:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2 | x_refsource_CONFIRM | |
| https://hermes.opensuse.org/messages/15374367 | vendor-advisory, x_refsource_SUSE | |
| https://bugzilla.novell.com/show_bug.cgi?id=769799 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2012/07/06/11 | mailing-list, x_refsource_MLIST | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:140 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:11.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
},
{
"name": "openSUSE-SU-2012:0974",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15374367"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
},
{
"name": "[oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
},
{
"name": "MDVSA-2012:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
},
{
"name": "openSUSE-SU-2012:0974",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15374367"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
},
{
"name": "[oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
},
{
"name": "MDVSA-2012:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3382",
"datePublished": "2012-07-12T21:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:11.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4254
Vulnerability from cvelistv5
Published
2010-12-03 20:00
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "42373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
},
{
"name": "15974",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15974"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42877"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
},
{
"name": "45051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45051"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-15T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "42373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
},
{
"name": "15974",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15974"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42877"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
},
{
"name": "45051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45051"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4254",
"datePublished": "2010-12-03T20:00:00",
"dateReserved": "2010-11-16T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201904-0811
Vulnerability from variot
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Microsoft NuGet is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
Bug Fix(es):
-
dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019 Advisory ID: RHSA-2019:0544-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0544 Issue date: 2019-03-13 CVE Names: CVE-2019-0757 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3. (CVE-2019-0757)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream doc in the References section.
- Solution:
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability 1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105 1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0757 https://access.redhat.com/security/updates/classification/#important https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN jsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz csbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt Ybu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC sfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM Zubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu tGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg ijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A eqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r LfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1 35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR FvFvp8/nSm4=KwTi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0811",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.9.4"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.8.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.3"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.4.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.1.500"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "framework",
"scope": "eq",
"trust": 1.8,
"vendor": "mono",
"version": "5.18.0.223"
},
{
"model": "framework",
"scope": "eq",
"trust": 1.8,
"vendor": "mono",
"version": "5.20.0"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.2.100"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "visual studio 2017",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2017 for mac"
},
{
"model": "mono",
"scope": "eq",
"trust": 0.3,
"vendor": "mono",
"version": "5.20"
},
{
"model": "mono",
"scope": "eq",
"trust": 0.3,
"vendor": "mono",
"version": "5.18.0.223"
},
{
"model": "visual studio for mac",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1.505"
},
{
"model": ".net core sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1.13"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1.9"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1.12"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0.15"
}
],
"sources": [
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mono-project:mono_framework:5.18.0.223:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mono-project:mono_framework:5.20.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:2.1.500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:2.2.100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat,The vendor reported this issue.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
},
"cve": "CVE-2019-0757",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-0757",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-0757",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-0757",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-445",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-0757",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027. Microsoft NuGet is prone to a security bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019\nAdvisory ID: RHSA-2019:0544-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0544\nIssue date: 2019-03-13\nCVE Names: CVE-2019-0757\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core\non Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements the .NET standard\nAPIs and several additional APIs, and it includes a CLR implementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and\n2.2.3. (CVE-2019-0757)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream doc in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability\n1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105\n1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0757\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN\njsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz\ncsbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt\nYbu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC\nsfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM\nZubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu\ntGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg\nijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A\neqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r\nLfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1\n35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR\nFvFvp8/nSm4=KwTi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0757",
"trust": 3.0
},
{
"db": "BID",
"id": "107285",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152999",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "42934",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0808",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1839",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-0757",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152073",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"id": "VAR-201904-0811",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21178882
},
"last_update_date": "2023-12-18T13:02:13.321000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.mono-project.com/"
},
{
"title": "CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
},
{
"title": "CVE-2019-0757 | NuGet Package Manager \u306e\u6539\u3056\u3093\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0757"
},
{
"title": "Microsoft NuGet Package Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90061"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2019/03/12/march_patch_tuesday_dhcp/"
},
{
"title": "Red Hat: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190544 - security advisory"
},
{
"title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191259 - security advisory"
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-march-2019"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:1259"
},
{
"trust": 2.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/107285"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2019:0544"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0757"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190313-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190012.html"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-0757"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42934"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77050"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0757 "
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/107285"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0820"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"date": "2019-03-12T00:00:00",
"db": "BID",
"id": "107285"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"date": "2019-05-22T14:39:27",
"db": "PACKETSTORM",
"id": "152999"
},
{
"date": "2019-03-13T14:27:10",
"db": "PACKETSTORM",
"id": "152073"
},
{
"date": "2019-04-09T02:29:00.600000",
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"date": "2019-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"date": "2019-03-13T09:00:00",
"db": "BID",
"id": "107285"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"date": "2022-04-11T20:36:04.833000",
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Microsoft Product Linux and Mac For NuGet Package Manager Vulnerabilities to be tampered with",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
}
}