Mono-projectCVEs & Vulnerabilities

7 CVEs affecting Mono-project products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

mono 6mono framework 2libgdiplus 1
CVE-2023-26314HIGH

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

22 Feb 2023
8.8
CVSS
CVE-2012-3543HIGH

mono 2.10.x ASP.NET Web Form Hash collision DoS

21 Nov 2019
7.5
CVSS
CVE-2019-0757MEDIUM

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

9 Apr 2019
6.5
CVSS
CVE-2015-2320CRITICAL

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.

8 Jan 2018
9.8
CVSS
CVE-2015-2319HIGH

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

8 Jan 2018
7.5
CVSS
CVE-2015-2318HIGH

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.

8 Jan 2018
8.1
CVSS
CVE-2010-1526MEDIUM

Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows.

25 Aug 2010
6.8
CVSS
← PrevPage 1 / 1Next →