CVE Tools

mono

OSS Librariesoss-project

12

Cumulative CVEs

9

Monthly snapshots

#17

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting mono.

CVE-2020-12470MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template.7.2Apr 29, 2020
CVE-2020-12471MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGall...9.8Apr 29, 2020
CVE-2020-12472MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.5.4Apr 29, 2020
CVE-2020-12473MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program.7.2Apr 29, 2020
CVE-2012-3543mono 2.10.x ASP.NET Web Form Hash collision DoS7.5Nov 21, 2019
CVE-2012-3382Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbit...4.3Jul 12, 2012
CVE-2011-0992Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive informati...5.8Apr 13, 2011
CVE-2011-0991Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...6.8Apr 13, 2011
CVE-2011-0990Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a ...5.8Apr 13, 2011
CVE-2011-0989The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attac...5.8Apr 13, 2011
CVE-2010-4225Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to...5.0Jan 11, 2011
CVE-2010-4254Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and pos...7.5Dec 3, 2010
CVE-2010-4159Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.6.9Nov 17, 2010
CVE-2010-1459The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as d...4.3May 27, 2010
CVE-2008-3906CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query ...4.3Sep 4, 2008