Product: mono
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | Summary | CVSS | Severity |
| --- | --- | --- | --- | --- |
| CVE-2023-35373 | >= 6.12.0 and < 6.12.0.200 | Mono Authenticode Validation Spoofing Vulnerability | 5.3 | MEDIUM |
| CVE-2023-26314 | all versions | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable | 8.8 | HIGH |
| CVE-2021-24112 | >= 6.12.0 and < 6.12.0.122 | .NET Core Remote Code Execution Vulnerability | 8.1 | HIGH |
| CVE-2020-12471 | <= 5.1.40.5152 | MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx | 9.8 | CRITICAL |
| CVE-2020-12470 | <= 5.1.40.5152 | MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. | 7.2 | HIGH |
| CVE-2020-12473 | <= 5.1.40.5152 | MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpe | 7.2 | HIGH |
| CVE-2020-12472 | <= 5.1.40.5152 | MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. | 5.4 | MEDIUM |
| CVE-2012-3543 | >= 2.10 and <= 2.10.12 | mono 2.10.x ASP.NET Web Form Hash collision DoS | 7.5 | HIGH |
| CVE-2015-2320 | < 3.12.1 | The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fa | 9.8 | CRITICAL |
| CVE-2015-2319 | < 3.12.1 | The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers | 7.5 | HIGH |
| CVE-2015-2318 | < 3.12.1 | The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impers | 8.1 | HIGH |
| CVE-2012-3382 | <= 2.10.8 | Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs | | |
| CVE-2011-0992 | all versions | Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cau | | |
| CVE-2011-0991 | all versions | Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cau | | |
| CVE-2011-0990 | all versions | Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 | | |
| CVE-2011-0989 | all versions | The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is use | | |
| CVE-2010-4225 | all versions | Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source c | | |
| CVE-2010-4254 | all versions | Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, w | | |
| CVE-2010-4159 | <= 2.6.7 | Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Troja | | |
| CVE-2010-1459 | all versions | The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows r | | |
| CVE-2009-0217 | all versions | The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the O | | |
| CVE-2008-3906 | all versions | CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and condu | | |
| CVE-2008-3422 | all versions | Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers | | |
| CVE-2007-5197 | <= 1.2.5.1 | Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitr | | |
| CVE-2007-5473 | <= 1.2.5.1 | StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code | | |
| CVE-2006-6104 | all versions | The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows | | |
| CVE-2006-5072 | all versions | The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to o | | |
| CVE-2006-2658 | all versions | Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 | | |
| CVE-2005-0509 | all versions | Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to i | | |
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin