Mono

This hub aggregates every CVE we track for Mono, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Mono.

• CVE-2023-35373Mono Authenticode Validation Spoofing Vulnerability5.3Jul 11, 2023
• CVE-2023-26314The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.8.8Feb 22, 2023
• CVE-2021-24112.NET Core Remote Code Execution Vulnerability8.1Feb 25, 2021
• CVE-2012-3543mono 2.10.x ASP.NET Web Form Hash collision DoS7.5Nov 21, 2019
• CVE-2015-2320The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.9.8Jan 8, 2018
• CVE-2015-2318The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka...8.1Jan 8, 2018
• CVE-2015-2319The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different...7.5Jan 8, 2018
• CVE-2012-3382Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbit...4.3Jul 12, 2012
• CVE-2011-0990Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a ...5.8Apr 13, 2011
• CVE-2011-0989The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attac...5.8Apr 13, 2011
• CVE-2011-0991Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...6.8Apr 13, 2011
• CVE-2011-0992Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive informati...5.8Apr 13, 2011
• CVE-2010-4225Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to...5.0Jan 11, 2011
• CVE-2010-4254Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and pos...7.5Dec 3, 2010
• CVE-2010-4159Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.6.9Nov 17, 2010