Search

Find a vulnerability

Search criteria

    33 vulnerabilities found for mono by mono

    VAR-201904-0811

    Vulnerability from variot - Updated: 2024-11-23 21:59

    A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Microsoft NuGet is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.

    Bug Fix(es):

    • dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)

    • -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019 Advisory ID: RHSA-2019:0544-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0544 Issue date: 2019-03-13 CVE Names: CVE-2019-0757 ==================================================================== 1. Summary:

    Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    1. Description:

    .NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation.

    New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3. (CVE-2019-0757)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

    For more information, please refer to the upstream doc in the References section.

    1. Solution:

    For details on how to apply this update, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability 1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105 1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505

    1. Package List:

    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm

    x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm

    x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm

    x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm

    x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Server (v. 7):

    Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm

    x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Server (v. 7):

    Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm

    x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Server (v. 7):

    Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm

    x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Server (v. 7):

    Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm

    x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm

    x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm

    x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm

    x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm

    x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2019-0757 https://access.redhat.com/security/updates/classification/#important https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN jsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz csbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt Ybu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC sfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM Zubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu tGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg ijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A eqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r LfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1 35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR FvFvp8/nSm4=KwTi -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0811",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nuget",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "microsoft",
            "version": "4.9.4"
          },
          {
            "model": "nuget",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "microsoft",
            "version": "4.8.2"
          },
          {
            "model": "nuget",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "microsoft",
            "version": "4.7.2"
          },
          {
            "model": "nuget",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "microsoft",
            "version": "4.6.3"
          },
          {
            "model": "nuget",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "microsoft",
            "version": "4.5.2"
          },
          {
            "model": "nuget",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "microsoft",
            "version": "4.4.2"
          },
          {
            "model": "nuget",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "microsoft",
            "version": "4.3.1"
          },
          {
            "model": ".net core sdk",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "microsoft",
            "version": "2.1.500"
          },
          {
            "model": ".net core sdk",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "microsoft",
            "version": "1.1"
          },
          {
            "model": "framework",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "mono",
            "version": "5.18.0.223"
          },
          {
            "model": "framework",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "mono",
            "version": "5.20.0"
          },
          {
            "model": ".net core sdk",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "microsoft",
            "version": "2.2.100"
          },
          {
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.4"
          },
          {
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.1"
          },
          {
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.4"
          },
          {
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.2"
          },
          {
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.2"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.2"
          },
          {
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.4"
          },
          {
            "model": "visual studio 2017",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": null
          },
          {
            "model": "visual studio",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "2017 for mac"
          },
          {
            "model": "mono",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mono",
            "version": "5.20"
          },
          {
            "model": "mono",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mono",
            "version": "5.18.0.223"
          },
          {
            "model": "visual studio for mac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "0"
          },
          {
            "model": ".net core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2.1"
          },
          {
            "model": ".net core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1.1"
          },
          {
            "model": ".net core",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1.0"
          },
          {
            "model": ".net core sdk",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2.1.505"
          },
          {
            "model": ".net core sdk",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1.1.13"
          },
          {
            "model": ".net core",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "2.1.9"
          },
          {
            "model": ".net core",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1.1.12"
          },
          {
            "model": ".net core",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1.0.15"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "107285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0757"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:mono:mono_framework",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:microsoft:.net_core_sdk",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:microsoft:visual_studio",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:microsoft:nuget",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat,The vendor reported this issue.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-445"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-0757",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-0757",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-0757",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-0757",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-0757",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-0757",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201903-445",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-0757",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-0757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-445"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0757"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027. Microsoft NuGet is prone to a security bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: .NET Core on Red Hat Enterprise Linux security update for March 2019\nAdvisory ID:       RHSA-2019:0544-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0544\nIssue date:        2019-03-13\nCVE Names:         CVE-2019-0757\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core\non Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements the .NET standard\nAPIs and several additional APIs, and it includes a CLR implementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and\n2.2.3. (CVE-2019-0757)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream doc in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability\n1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105\n1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0757\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN\njsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz\ncsbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt\nYbu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC\nsfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM\nZubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu\ntGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg\nijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A\neqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r\nLfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1\n35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR\nFvFvp8/nSm4=KwTi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-0757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          },
          {
            "db": "BID",
            "id": "107285"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-0757"
          },
          {
            "db": "PACKETSTORM",
            "id": "152999"
          },
          {
            "db": "PACKETSTORM",
            "id": "152073"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-0757",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "107285",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002673",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "152999",
            "trust": 0.7
          },
          {
            "db": "NSFOCUS",
            "id": "42934",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.0808",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1839",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-445",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-0757",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "152073",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-0757"
          },
          {
            "db": "BID",
            "id": "107285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          },
          {
            "db": "PACKETSTORM",
            "id": "152999"
          },
          {
            "db": "PACKETSTORM",
            "id": "152073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-445"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0757"
          }
        ]
      },
      "id": "VAR-201904-0811",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.19172932
      },
      "last_update_date": "2024-11-23T21:59:52.561000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.mono-project.com/"
          },
          {
            "title": "CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability",
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
          },
          {
            "title": "CVE-2019-0757 | NuGet Package Manager \u306e\u6539\u3056\u3093\u306e\u8106\u5f31\u6027",
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0757"
          },
          {
            "title": "Microsoft NuGet Package Manager Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90061"
          },
          {
            "title": "The Register",
            "trust": 0.2,
            "url": "https://www.theregister.co.uk/2019/03/12/march_patch_tuesday_dhcp/"
          },
          {
            "title": "Red Hat: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190544 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191259 - Security Advisory"
          },
          {
            "title": "Symantec Threat Intelligence Blog",
            "trust": 0.1,
            "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-march-2019"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-0757"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-445"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0757"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:1259"
          },
          {
            "trust": 2.2,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
          },
          {
            "trust": 1.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/107285"
          },
          {
            "trust": 0.9,
            "url": "http://www.microsoft.com"
          },
          {
            "trust": 0.9,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:0544"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0757"
          },
          {
            "trust": 0.8,
            "url": "https://www.ipa.go.jp/security/ciadr/vul/20190313-ms.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/at/2019/at190012.html"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-0757"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/42934"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/77050"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-0757 "
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
          },
          {
            "trust": 0.1,
            "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/107285"
          },
          {
            "trust": 0.1,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
          },
          {
            "trust": 0.1,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0980"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0981"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
          },
          {
            "trust": 0.1,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0820"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-0757"
          },
          {
            "db": "BID",
            "id": "107285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          },
          {
            "db": "PACKETSTORM",
            "id": "152999"
          },
          {
            "db": "PACKETSTORM",
            "id": "152073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-445"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0757"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2019-0757"
          },
          {
            "db": "BID",
            "id": "107285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          },
          {
            "db": "PACKETSTORM",
            "id": "152999"
          },
          {
            "db": "PACKETSTORM",
            "id": "152073"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-445"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-0757"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-0757"
          },
          {
            "date": "2019-03-12T00:00:00",
            "db": "BID",
            "id": "107285"
          },
          {
            "date": "2019-04-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          },
          {
            "date": "2019-05-22T14:39:27",
            "db": "PACKETSTORM",
            "id": "152999"
          },
          {
            "date": "2019-03-13T14:27:10",
            "db": "PACKETSTORM",
            "id": "152073"
          },
          {
            "date": "2019-03-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201903-445"
          },
          {
            "date": "2019-04-09T02:29:00.600000",
            "db": "NVD",
            "id": "CVE-2019-0757"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-0757"
          },
          {
            "date": "2019-03-13T09:00:00",
            "db": "BID",
            "id": "107285"
          },
          {
            "date": "2019-04-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201903-445"
          },
          {
            "date": "2024-11-21T04:17:13.843000",
            "db": "NVD",
            "id": "CVE-2019-0757"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-445"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Microsoft Product  Linux and  Mac For  NuGet Package Manager Vulnerabilities to be tampered with",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-002673"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-445"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2012-3543 (GCVE-0-2012-3543)

    Vulnerability from nvd – Published: 2019-11-21 14:00 – Updated: 2024-08-06 20:13
    VLAI
    Summary
    mono 2.10.x ASP.NET Web Form Hash collision DoS
    Severity
    No CVSS data available.
    CWE
    • Hash collision issue
    Assigner
    Impacted products
    Vendor Product Version
    mono mono Affected: 2.10.x
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:13:50.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2012-3543"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/55251"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2547-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mono",
              "vendor": "mono",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.10.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "mono 2.10.x ASP.NET Web Form Hash collision DoS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Hash collision issue",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-21T14:00:56.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2012-3543"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/55251"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2547-1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3543",
        "datePublished": "2019-11-21T14:00:56.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:13:50.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3382 (GCVE-0-2012-3382)

    Vulnerability from nvd – Published: 2012-07-12 21:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-07-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:11.741Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
              },
              {
                "name": "openSUSE-SU-2012:0974",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15374367"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
              },
              {
                "name": "[oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
              },
              {
                "name": "MDVSA-2012:140",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-07-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-07T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
            },
            {
              "name": "openSUSE-SU-2012:0974",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15374367"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
            },
            {
              "name": "[oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
            },
            {
              "name": "MDVSA-2012:140",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3382",
        "datePublished": "2012-07-12T21:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:11.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0992 (GCVE-0-2011-0992)

    Vulnerability from nvd – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "momo-monothread-info-disclosure(66627)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
              },
              {
                "name": "47208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47208"
              },
              {
                "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
              },
              {
                "name": "44002",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
              },
              {
                "name": "44076",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44076"
              },
              {
                "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
              },
              {
                "name": "ADV-2011-0904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0904"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "momo-monothread-info-disclosure(66627)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
            },
            {
              "name": "47208",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47208"
            },
            {
              "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
            },
            {
              "name": "44002",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
            },
            {
              "name": "44076",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44076"
            },
            {
              "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
            },
            {
              "name": "ADV-2011-0904",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0904"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0992",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "momo-monothread-info-disclosure(66627)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=678515",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
                },
                {
                  "name": "47208",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47208"
                },
                {
                  "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
                },
                {
                  "name": "44002",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44002"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694933",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
                },
                {
                  "name": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
                },
                {
                  "name": "44076",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44076"
                },
                {
                  "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                  "refsource": "MLIST",
                  "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
                },
                {
                  "name": "ADV-2011-0904",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0904"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0992",
        "datePublished": "2011-04-13T21:00:00.000Z",
        "dateReserved": "2011-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0991 (GCVE-0-2011-0991)

    Vulnerability from nvd – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
              },
              {
                "name": "momo-dynamicmethod-code-execution(66626)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
              },
              {
                "name": "47208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47208"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
              },
              {
                "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
              },
              {
                "name": "44002",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities"
              },
              {
                "name": "44076",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44076"
              },
              {
                "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
              },
              {
                "name": "ADV-2011-0904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0904"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
            },
            {
              "name": "momo-dynamicmethod-code-execution(66626)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
            },
            {
              "name": "47208",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47208"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
            },
            {
              "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
            },
            {
              "name": "44002",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities"
            },
            {
              "name": "44076",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44076"
            },
            {
              "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
            },
            {
              "name": "ADV-2011-0904",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0904"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0991",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=660422",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
                },
                {
                  "name": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
                },
                {
                  "name": "momo-dynamicmethod-code-execution(66626)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
                },
                {
                  "name": "47208",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47208"
                },
                {
                  "name": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
                },
                {
                  "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
                },
                {
                  "name": "44002",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44002"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities"
                },
                {
                  "name": "44076",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44076"
                },
                {
                  "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                  "refsource": "MLIST",
                  "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
                },
                {
                  "name": "ADV-2011-0904",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0904"
                },
                {
                  "name": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0991",
        "datePublished": "2011-04-13T21:00:00.000Z",
        "dateReserved": "2011-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0990 (GCVE-0-2011-0990)

    Vulnerability from nvd – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
              },
              {
                "name": "47208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47208"
              },
              {
                "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
              },
              {
                "name": "44002",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities"
              },
              {
                "name": "44076",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44076"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
              },
              {
                "name": "momo-arraycopy-security-bypass(66625)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
              },
              {
                "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
              },
              {
                "name": "ADV-2011-0904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0904"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
            },
            {
              "name": "47208",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47208"
            },
            {
              "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
            },
            {
              "name": "44002",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities"
            },
            {
              "name": "44076",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44076"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
            },
            {
              "name": "momo-arraycopy-security-bypass(66625)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
            },
            {
              "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
            },
            {
              "name": "ADV-2011-0904",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0904"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0990",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
                },
                {
                  "name": "47208",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47208"
                },
                {
                  "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
                },
                {
                  "name": "44002",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44002"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities"
                },
                {
                  "name": "44076",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44076"
                },
                {
                  "name": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
                },
                {
                  "name": "momo-arraycopy-security-bypass(66625)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
                },
                {
                  "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                  "refsource": "MLIST",
                  "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
                },
                {
                  "name": "ADV-2011-0904",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0904"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0990",
        "datePublished": "2011-04-13T21:00:00.000Z",
        "dateReserved": "2011-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0989 (GCVE-0-2011-0989)

    Vulnerability from nvd – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
              },
              {
                "name": "47208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47208"
              },
              {
                "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
              },
              {
                "name": "44002",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities"
              },
              {
                "name": "44076",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44076"
              },
              {
                "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
              },
              {
                "name": "ADV-2011-0904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0904"
              },
              {
                "name": "momo-runtime-security-bypass(66624)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
            },
            {
              "name": "47208",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47208"
            },
            {
              "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
            },
            {
              "name": "44002",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities"
            },
            {
              "name": "44076",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44076"
            },
            {
              "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
            },
            {
              "name": "ADV-2011-0904",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0904"
            },
            {
              "name": "momo-runtime-security-bypass(66624)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0989",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
                },
                {
                  "name": "47208",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47208"
                },
                {
                  "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
                },
                {
                  "name": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
                },
                {
                  "name": "44002",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44002"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities"
                },
                {
                  "name": "44076",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44076"
                },
                {
                  "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                  "refsource": "MLIST",
                  "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
                },
                {
                  "name": "ADV-2011-0904",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0904"
                },
                {
                  "name": "momo-runtime-security-bypass(66624)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0989",
        "datePublished": "2011-04-13T21:00:00.000Z",
        "dateReserved": "2011-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4225 (GCVE-0-2010-4225)

    Vulnerability from nvd – Published: 2011-01-11 01:00 – Updated: 2024-08-07 03:34
    VLAI
    Summary
    Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2011/0051 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/45711 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/70312 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/42842 third-party-advisoryx_refsource_SECUNIA
    http://www.mono-project.com/Vulnerabilities#XSP.2… x_refsource_CONFIRM
    Date Public
    2011-01-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:34:37.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2011-0051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0051"
              },
              {
                "name": "45711",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45711"
              },
              {
                "name": "mono-modmono-source-disclosure(64532)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
              },
              {
                "name": "70312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70312"
              },
              {
                "name": "42842",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42842"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2011-0051",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0051"
            },
            {
              "name": "45711",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45711"
            },
            {
              "name": "mono-modmono-source-disclosure(64532)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
            },
            {
              "name": "70312",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70312"
            },
            {
              "name": "42842",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42842"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-4225",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2011-0051",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0051"
                },
                {
                  "name": "45711",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/45711"
                },
                {
                  "name": "mono-modmono-source-disclosure(64532)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
                },
                {
                  "name": "70312",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/70312"
                },
                {
                  "name": "42842",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42842"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-4225",
        "datePublished": "2011-01-11T01:00:00.000Z",
        "dateReserved": "2010-11-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:34:37.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4254 (GCVE-0-2010-4254)

    Vulnerability from nvd – Published: 2010-12-03 20:00 – Updated: 2024-08-07 03:34
    VLAI
    Summary
    Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2010-11-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:34:37.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SR:2011:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
              },
              {
                "name": "42373",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42373"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
              },
              {
                "name": "15974",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/15974"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
              },
              {
                "name": "42877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42877"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
              },
              {
                "name": "45051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45051"
              },
              {
                "name": "ADV-2011-0076",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0076"
              },
              {
                "name": "SUSE-SR:2010:024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-11-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-01-15T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SUSE-SR:2011:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
            },
            {
              "name": "42373",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42373"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
            },
            {
              "name": "15974",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/15974"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
            },
            {
              "name": "42877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42877"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
            },
            {
              "name": "45051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45051"
            },
            {
              "name": "ADV-2011-0076",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0076"
            },
            {
              "name": "SUSE-SR:2010:024",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-4254",
        "datePublished": "2010-12-03T20:00:00.000Z",
        "dateReserved": "2010-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:34:37.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4159 (GCVE-0-2010-4159)

    Vulnerability from nvd – Published: 2010-11-17 15:00 – Updated: 2024-08-07 03:34
    VLAI
    Summary
    Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2010-10-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:34:37.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
              },
              {
                "name": "ADV-2010-3059",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3059"
              },
              {
                "name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
              },
              {
                "name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
              },
              {
                "name": "MDVSA-2010:240",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
              },
              {
                "name": "42174",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42174"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
              },
              {
                "name": "44810",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/44810"
              },
              {
                "name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
              },
              {
                "name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-10-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-12-07T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
            },
            {
              "name": "ADV-2010-3059",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3059"
            },
            {
              "name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
            },
            {
              "name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
            },
            {
              "name": "MDVSA-2010:240",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
            },
            {
              "name": "42174",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42174"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
            },
            {
              "name": "44810",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/44810"
            },
            {
              "name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
            },
            {
              "name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-4159",
        "datePublished": "2010-11-17T15:00:00.000Z",
        "dateReserved": "2010-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:34:37.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1459 (GCVE-0-2010-1459)

    Vulnerability from nvd – Published: 2010-05-27 18:32 – Updated: 2024-08-07 01:28
    VLAI
    Summary
    The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2010-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:40.693Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
              },
              {
                "name": "SUSE-SR:2010:013",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
              },
              {
                "name": "40351",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40351"
              },
              {
                "name": "SUSE-SR:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
              },
              {
                "name": "SUSE-SR:2010:014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-23T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
            },
            {
              "name": "SUSE-SR:2010:013",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
            },
            {
              "name": "40351",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40351"
            },
            {
              "name": "SUSE-SR:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
            },
            {
              "name": "SUSE-SR:2010:014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1459",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
                },
                {
                  "name": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx",
                  "refsource": "MISC",
                  "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
                },
                {
                  "name": "SUSE-SR:2010:013",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
                },
                {
                  "name": "40351",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40351"
                },
                {
                  "name": "SUSE-SR:2010:012",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
                },
                {
                  "name": "SUSE-SR:2010:014",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1459",
        "datePublished": "2010-05-27T18:32:00.000Z",
        "dateReserved": "2010-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:28:40.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3906 (GCVE-0-2008-3906)

    Vulnerability from nvd – Published: 2008-09-04 17:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/30867 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/36494 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2008/08/27/6 mailing-listx_refsource_MLIST
    http://www.vupen.com/english/advisories/2008/2443 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/496845/100… mailing-listx_refsource_BUGTRAQ
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286 x_refsource_CONFIRM
    https://bugzilla.novell.com/show_bug.cgi?id=418620 x_refsource_CONFIRM
    https://usn.ubuntu.com/826-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/31643 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2008-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.711Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "30867",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30867"
              },
              {
                "name": "mono-sysweb-xss(44740)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
              },
              {
                "name": "36494",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36494"
              },
              {
                "name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
              },
              {
                "name": "ADV-2008-2443",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2443"
              },
              {
                "name": "20080930 rPSA-2008-0286-1 mono",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
              },
              {
                "name": "USN-826-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/826-1/"
              },
              {
                "name": "31643",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31643"
              },
              {
                "name": "MDVSA-2008:210",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "30867",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30867"
            },
            {
              "name": "mono-sysweb-xss(44740)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
            },
            {
              "name": "36494",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36494"
            },
            {
              "name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
            },
            {
              "name": "ADV-2008-2443",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2443"
            },
            {
              "name": "20080930 rPSA-2008-0286-1 mono",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
            },
            {
              "name": "USN-826-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/826-1/"
            },
            {
              "name": "31643",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31643"
            },
            {
              "name": "MDVSA-2008:210",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "30867",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30867"
                },
                {
                  "name": "mono-sysweb-xss(44740)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
                },
                {
                  "name": "36494",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36494"
                },
                {
                  "name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
                },
                {
                  "name": "ADV-2008-2443",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2443"
                },
                {
                  "name": "20080930 rPSA-2008-0286-1 mono",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=418620",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
                },
                {
                  "name": "USN-826-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/826-1/"
                },
                {
                  "name": "31643",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31643"
                },
                {
                  "name": "MDVSA-2008:210",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3906",
        "datePublished": "2008-09-04T17:00:00.000Z",
        "dateReserved": "2008-09-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.711Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3422 (GCVE-0-2008-3422)

    Vulnerability from nvd – Published: 2008-07-31 21:00 – Updated: 2024-08-07 09:37
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36494 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31982 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.novell.com/show_bug.cgi?id=413534 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/31338 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.ximian.com/pipermail/mono-devel-list… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/30471 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/826-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2008-07-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:37:26.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36494",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36494"
              },
              {
                "name": "31982",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31982"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
              },
              {
                "name": "SUSE-SR:2008:018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
              },
              {
                "name": "31338",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31338"
              },
              {
                "name": "mono-aspnet-xss(44229)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
              },
              {
                "name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
              },
              {
                "name": "30471",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30471"
              },
              {
                "name": "USN-826-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/826-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36494",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36494"
            },
            {
              "name": "31982",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31982"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
            },
            {
              "name": "SUSE-SR:2008:018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
            },
            {
              "name": "31338",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31338"
            },
            {
              "name": "mono-aspnet-xss(44229)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
            },
            {
              "name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
            },
            {
              "name": "30471",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30471"
            },
            {
              "name": "USN-826-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/826-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3422",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36494",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36494"
                },
                {
                  "name": "31982",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31982"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=413534",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
                },
                {
                  "name": "SUSE-SR:2008:018",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
                },
                {
                  "name": "31338",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31338"
                },
                {
                  "name": "mono-aspnet-xss(44229)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
                },
                {
                  "name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
                  "refsource": "MLIST",
                  "url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
                },
                {
                  "name": "30471",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30471"
                },
                {
                  "name": "USN-826-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/826-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3422",
        "datePublished": "2008-07-31T21:00:00.000Z",
        "dateReserved": "2008-07-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:37:26.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5197 (GCVE-0-2007-5197)

    Vulnerability from nvd – Published: 2007-11-02 16:00 – Updated: 2024-08-07 15:24
    VLAI
    Summary
    Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.gentoo.org/security/en/glsa/glsa-20071… vendor-advisoryx_refsource_GENTOO
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/27493 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/26279 vdb-entryx_refsource_BID
    http://bugs.gentoo.org/attachment.cgi?id=134361&a… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/3716 vdb-entryx_refsource_VUPEN
    http://bugs.gentoo.org/show_bug.cgi?id=197067 x_refsource_CONFIRM
    http://secunia.com/advisories/27583 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1018892 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/27937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27511 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27639 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.ubuntu.com/usn/usn-553-1 vendor-advisoryx_refsource_UBUNTU
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://bugzilla.redhat.com/show_bug.cgi?id=367471 x_refsource_CONFIRM
    http://secunia.com/advisories/27439 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27612 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2007/dsa-1397 vendor-advisoryx_refsource_DEBIAN
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    Date Public
    2007-10-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:24:42.132Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200711-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
              },
              {
                "name": "mono-big-integer-bo(38248)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
              },
              {
                "name": "27493",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27493"
              },
              {
                "name": "26279",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26279"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
              },
              {
                "name": "ADV-2007-3716",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3716"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
              },
              {
                "name": "27583",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27583"
              },
              {
                "name": "1018892",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018892"
              },
              {
                "name": "27937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27937"
              },
              {
                "name": "27511",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27511"
              },
              {
                "name": "27639",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27639"
              },
              {
                "name": "FEDORA-2007-3130",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
              },
              {
                "name": "USN-553-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-553-1"
              },
              {
                "name": "MDKSA-2007:218",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
              },
              {
                "name": "27439",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27439"
              },
              {
                "name": "27612",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27612"
              },
              {
                "name": "DSA-1397",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1397"
              },
              {
                "name": "SUSE-SR:2007:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-10-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200711-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
            },
            {
              "name": "mono-big-integer-bo(38248)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
            },
            {
              "name": "27493",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27493"
            },
            {
              "name": "26279",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26279"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
            },
            {
              "name": "ADV-2007-3716",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3716"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
            },
            {
              "name": "27583",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27583"
            },
            {
              "name": "1018892",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018892"
            },
            {
              "name": "27937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27937"
            },
            {
              "name": "27511",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27511"
            },
            {
              "name": "27639",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27639"
            },
            {
              "name": "FEDORA-2007-3130",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
            },
            {
              "name": "USN-553-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-553-1"
            },
            {
              "name": "MDKSA-2007:218",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
            },
            {
              "name": "27439",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27439"
            },
            {
              "name": "27612",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27612"
            },
            {
              "name": "DSA-1397",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1397"
            },
            {
              "name": "SUSE-SR:2007:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5197",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200711-10",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
                },
                {
                  "name": "mono-big-integer-bo(38248)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
                },
                {
                  "name": "27493",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27493"
                },
                {
                  "name": "26279",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26279"
                },
                {
                  "name": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
                },
                {
                  "name": "ADV-2007-3716",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3716"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=197067",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
                },
                {
                  "name": "27583",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27583"
                },
                {
                  "name": "1018892",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018892"
                },
                {
                  "name": "27937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27937"
                },
                {
                  "name": "27511",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27511"
                },
                {
                  "name": "27639",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27639"
                },
                {
                  "name": "FEDORA-2007-3130",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
                },
                {
                  "name": "USN-553-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-553-1"
                },
                {
                  "name": "MDKSA-2007:218",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=367471",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
                },
                {
                  "name": "27439",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27439"
                },
                {
                  "name": "27612",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27612"
                },
                {
                  "name": "DSA-1397",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1397"
                },
                {
                  "name": "SUSE-SR:2007:023",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5197",
        "datePublished": "2007-11-02T16:00:00.000Z",
        "dateReserved": "2007-10-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:24:42.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5473 (GCVE-0-2007-5473)

    Vulnerability from nvd – Published: 2007-10-18 18:00 – Updated: 2024-08-07 15:31
    VLAI
    Summary
    StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/26166 vdb-entryx_refsource_BID
    http://osvdb.org/41871 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/27349 third-party-advisoryx_refsource_SECUNIA
    http://anonsvn.mono-project.com/viewcvs/trunk/mcs… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-10-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:31:58.818Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26166",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26166"
              },
              {
                "name": "41871",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41871"
              },
              {
                "name": "27349",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27349"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
              },
              {
                "name": "mono-staticfilehandler-info-disclosure(37341)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-10-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26166",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26166"
            },
            {
              "name": "41871",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41871"
            },
            {
              "name": "27349",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27349"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
            },
            {
              "name": "mono-staticfilehandler-info-disclosure(37341)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5473",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26166",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26166"
                },
                {
                  "name": "41871",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41871"
                },
                {
                  "name": "27349",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27349"
                },
                {
                  "name": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs",
                  "refsource": "CONFIRM",
                  "url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
                },
                {
                  "name": "mono-staticfilehandler-info-disclosure(37341)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5473",
        "datePublished": "2007-10-18T18:00:00.000Z",
        "dateReserved": "2007-10-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:31:58.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5072 (GCVE-0-2006-5072)

    Vulnerability from nvd – Published: 2006-10-05 23:00 – Updated: 2024-08-07 19:32
    VLAI
    Summary
    The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/usn-357-1 vendor-advisoryx_refsource_UBUNTU
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/22277 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/23213 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/22237 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/bid/20340 vdb-entryx_refsource_BID
    http://secunia.com/advisories/23154 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/23776 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/22614 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200611-23.xml vendor-advisoryx_refsource_GENTOO
    http://www.vupen.com/english/advisories/2006/3911 vdb-entryx_refsource_VUPEN
    http://fedoranews.org/cms/node/2401 vendor-advisoryx_refsource_FEDORA
    Date Public
    2006-10-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:32:23.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2006:073",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
              },
              {
                "name": "USN-357-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-357-1"
              },
              {
                "name": "mono-systemcodedomcompiler-symlink(29353)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353"
              },
              {
                "name": "22277",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22277"
              },
              {
                "name": "23213",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23213"
              },
              {
                "name": "22237",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22237"
              },
              {
                "name": "MDKSA-2006:188",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188"
              },
              {
                "name": "20340",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20340"
              },
              {
                "name": "23154",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23154"
              },
              {
                "name": "23776",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23776"
              },
              {
                "name": "22614",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22614"
              },
              {
                "name": "GLSA-200611-23",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200611-23.xml"
              },
              {
                "name": "ADV-2006-3911",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3911"
              },
              {
                "name": "FEDORA-2007-068",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://fedoranews.org/cms/node/2401"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2006:073",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
            },
            {
              "name": "USN-357-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-357-1"
            },
            {
              "name": "mono-systemcodedomcompiler-symlink(29353)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353"
            },
            {
              "name": "22277",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22277"
            },
            {
              "name": "23213",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23213"
            },
            {
              "name": "22237",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22237"
            },
            {
              "name": "MDKSA-2006:188",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188"
            },
            {
              "name": "20340",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20340"
            },
            {
              "name": "23154",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23154"
            },
            {
              "name": "23776",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23776"
            },
            {
              "name": "22614",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22614"
            },
            {
              "name": "GLSA-200611-23",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200611-23.xml"
            },
            {
              "name": "ADV-2006-3911",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3911"
            },
            {
              "name": "FEDORA-2007-068",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://fedoranews.org/cms/node/2401"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2006:073",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
                },
                {
                  "name": "USN-357-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-357-1"
                },
                {
                  "name": "mono-systemcodedomcompiler-symlink(29353)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353"
                },
                {
                  "name": "22277",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22277"
                },
                {
                  "name": "23213",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23213"
                },
                {
                  "name": "22237",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22237"
                },
                {
                  "name": "MDKSA-2006:188",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188"
                },
                {
                  "name": "20340",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20340"
                },
                {
                  "name": "23154",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23154"
                },
                {
                  "name": "23776",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23776"
                },
                {
                  "name": "22614",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22614"
                },
                {
                  "name": "GLSA-200611-23",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200611-23.xml"
                },
                {
                  "name": "ADV-2006-3911",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3911"
                },
                {
                  "name": "FEDORA-2007-068",
                  "refsource": "FEDORA",
                  "url": "http://fedoranews.org/cms/node/2401"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5072",
        "datePublished": "2006-10-05T23:00:00.000Z",
        "dateReserved": "2006-09-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:32:23.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3543 (GCVE-0-2012-3543)

    Vulnerability from cvelistv5 – Published: 2019-11-21 14:00 – Updated: 2024-08-06 20:13
    VLAI
    Summary
    mono 2.10.x ASP.NET Web Form Hash collision DoS
    Severity
    No CVSS data available.
    CWE
    • Hash collision issue
    Assigner
    Impacted products
    Vendor Product Version
    mono mono Affected: 2.10.x
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:13:50.119Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2012-3543"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/55251"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2547-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mono",
              "vendor": "mono",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.10.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "mono 2.10.x ASP.NET Web Form Hash collision DoS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Hash collision issue",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-21T14:00:56.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2012-3543"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/55251"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2547-1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3543",
        "datePublished": "2019-11-21T14:00:56.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:13:50.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3382 (GCVE-0-2012-3382)

    Vulnerability from cvelistv5 – Published: 2012-07-12 21:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-07-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:11.741Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
              },
              {
                "name": "openSUSE-SU-2012:0974",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15374367"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
              },
              {
                "name": "[oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
              },
              {
                "name": "MDVSA-2012:140",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-07-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-07T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
            },
            {
              "name": "openSUSE-SU-2012:0974",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15374367"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
            },
            {
              "name": "[oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
            },
            {
              "name": "MDVSA-2012:140",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3382",
        "datePublished": "2012-07-12T21:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:11.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0990 (GCVE-0-2011-0990)

    Vulnerability from cvelistv5 – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
              },
              {
                "name": "47208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47208"
              },
              {
                "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
              },
              {
                "name": "44002",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities"
              },
              {
                "name": "44076",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44076"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
              },
              {
                "name": "momo-arraycopy-security-bypass(66625)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
              },
              {
                "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
              },
              {
                "name": "ADV-2011-0904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0904"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
            },
            {
              "name": "47208",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47208"
            },
            {
              "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
            },
            {
              "name": "44002",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities"
            },
            {
              "name": "44076",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44076"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
            },
            {
              "name": "momo-arraycopy-security-bypass(66625)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
            },
            {
              "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
            },
            {
              "name": "ADV-2011-0904",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0904"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0990",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
                },
                {
                  "name": "47208",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47208"
                },
                {
                  "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
                },
                {
                  "name": "44002",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44002"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities"
                },
                {
                  "name": "44076",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44076"
                },
                {
                  "name": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
                },
                {
                  "name": "momo-arraycopy-security-bypass(66625)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
                },
                {
                  "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                  "refsource": "MLIST",
                  "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
                },
                {
                  "name": "ADV-2011-0904",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0904"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0990",
        "datePublished": "2011-04-13T21:00:00.000Z",
        "dateReserved": "2011-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0991 (GCVE-0-2011-0991)

    Vulnerability from cvelistv5 – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
              },
              {
                "name": "momo-dynamicmethod-code-execution(66626)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
              },
              {
                "name": "47208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47208"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
              },
              {
                "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
              },
              {
                "name": "44002",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities"
              },
              {
                "name": "44076",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44076"
              },
              {
                "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
              },
              {
                "name": "ADV-2011-0904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0904"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
            },
            {
              "name": "momo-dynamicmethod-code-execution(66626)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
            },
            {
              "name": "47208",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47208"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
            },
            {
              "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
            },
            {
              "name": "44002",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities"
            },
            {
              "name": "44076",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44076"
            },
            {
              "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
            },
            {
              "name": "ADV-2011-0904",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0904"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0991",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=660422",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
                },
                {
                  "name": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
                },
                {
                  "name": "momo-dynamicmethod-code-execution(66626)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
                },
                {
                  "name": "47208",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47208"
                },
                {
                  "name": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
                },
                {
                  "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
                },
                {
                  "name": "44002",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44002"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities"
                },
                {
                  "name": "44076",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44076"
                },
                {
                  "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                  "refsource": "MLIST",
                  "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
                },
                {
                  "name": "ADV-2011-0904",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0904"
                },
                {
                  "name": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0991",
        "datePublished": "2011-04-13T21:00:00.000Z",
        "dateReserved": "2011-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0992 (GCVE-0-2011-0992)

    Vulnerability from cvelistv5 – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "momo-monothread-info-disclosure(66627)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
              },
              {
                "name": "47208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47208"
              },
              {
                "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
              },
              {
                "name": "44002",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
              },
              {
                "name": "44076",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44076"
              },
              {
                "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
              },
              {
                "name": "ADV-2011-0904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0904"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "momo-monothread-info-disclosure(66627)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
            },
            {
              "name": "47208",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47208"
            },
            {
              "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
            },
            {
              "name": "44002",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
            },
            {
              "name": "44076",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44076"
            },
            {
              "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
            },
            {
              "name": "ADV-2011-0904",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0904"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0992",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "momo-monothread-info-disclosure(66627)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=678515",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
                },
                {
                  "name": "47208",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47208"
                },
                {
                  "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
                },
                {
                  "name": "44002",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44002"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694933",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
                },
                {
                  "name": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
                },
                {
                  "name": "44076",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44076"
                },
                {
                  "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                  "refsource": "MLIST",
                  "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
                },
                {
                  "name": "ADV-2011-0904",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0904"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0992",
        "datePublished": "2011-04-13T21:00:00.000Z",
        "dateReserved": "2011-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0989 (GCVE-0-2011-0989)

    Vulnerability from cvelistv5 – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
              },
              {
                "name": "47208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47208"
              },
              {
                "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
              },
              {
                "name": "44002",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities"
              },
              {
                "name": "44076",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44076"
              },
              {
                "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
              },
              {
                "name": "ADV-2011-0904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0904"
              },
              {
                "name": "momo-runtime-security-bypass(66624)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
            },
            {
              "name": "47208",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47208"
            },
            {
              "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
            },
            {
              "name": "44002",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities"
            },
            {
              "name": "44076",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44076"
            },
            {
              "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
            },
            {
              "name": "ADV-2011-0904",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0904"
            },
            {
              "name": "momo-runtime-security-bypass(66624)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0989",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
                },
                {
                  "name": "47208",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47208"
                },
                {
                  "name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2011/04/06/14"
                },
                {
                  "name": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
                },
                {
                  "name": "44002",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44002"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities"
                },
                {
                  "name": "44076",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44076"
                },
                {
                  "name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
                  "refsource": "MLIST",
                  "url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
                },
                {
                  "name": "ADV-2011-0904",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0904"
                },
                {
                  "name": "momo-runtime-security-bypass(66624)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0989",
        "datePublished": "2011-04-13T21:00:00.000Z",
        "dateReserved": "2011-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4225 (GCVE-0-2010-4225)

    Vulnerability from cvelistv5 – Published: 2011-01-11 01:00 – Updated: 2024-08-07 03:34
    VLAI
    Summary
    Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2011/0051 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/45711 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/70312 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/42842 third-party-advisoryx_refsource_SECUNIA
    http://www.mono-project.com/Vulnerabilities#XSP.2… x_refsource_CONFIRM
    Date Public
    2011-01-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:34:37.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2011-0051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0051"
              },
              {
                "name": "45711",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45711"
              },
              {
                "name": "mono-modmono-source-disclosure(64532)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
              },
              {
                "name": "70312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70312"
              },
              {
                "name": "42842",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42842"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2011-0051",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0051"
            },
            {
              "name": "45711",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45711"
            },
            {
              "name": "mono-modmono-source-disclosure(64532)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
            },
            {
              "name": "70312",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70312"
            },
            {
              "name": "42842",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42842"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-4225",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2011-0051",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0051"
                },
                {
                  "name": "45711",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/45711"
                },
                {
                  "name": "mono-modmono-source-disclosure(64532)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
                },
                {
                  "name": "70312",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/70312"
                },
                {
                  "name": "42842",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42842"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-4225",
        "datePublished": "2011-01-11T01:00:00.000Z",
        "dateReserved": "2010-11-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:34:37.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4254 (GCVE-0-2010-4254)

    Vulnerability from cvelistv5 – Published: 2010-12-03 20:00 – Updated: 2024-08-07 03:34
    VLAI
    Summary
    Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2010-11-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:34:37.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SR:2011:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
              },
              {
                "name": "42373",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42373"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
              },
              {
                "name": "15974",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/15974"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
              },
              {
                "name": "42877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42877"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
              },
              {
                "name": "45051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45051"
              },
              {
                "name": "ADV-2011-0076",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0076"
              },
              {
                "name": "SUSE-SR:2010:024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-11-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-01-15T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SUSE-SR:2011:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
            },
            {
              "name": "42373",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42373"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
            },
            {
              "name": "15974",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/15974"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
            },
            {
              "name": "42877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42877"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
            },
            {
              "name": "45051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45051"
            },
            {
              "name": "ADV-2011-0076",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0076"
            },
            {
              "name": "SUSE-SR:2010:024",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-4254",
        "datePublished": "2010-12-03T20:00:00.000Z",
        "dateReserved": "2010-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:34:37.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4159 (GCVE-0-2010-4159)

    Vulnerability from cvelistv5 – Published: 2010-11-17 15:00 – Updated: 2024-08-07 03:34
    VLAI
    Summary
    Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2010-10-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:34:37.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
              },
              {
                "name": "ADV-2010-3059",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/3059"
              },
              {
                "name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
              },
              {
                "name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
              },
              {
                "name": "MDVSA-2010:240",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
              },
              {
                "name": "42174",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42174"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
              },
              {
                "name": "44810",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/44810"
              },
              {
                "name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
              },
              {
                "name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-10-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-12-07T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
            },
            {
              "name": "ADV-2010-3059",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/3059"
            },
            {
              "name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
            },
            {
              "name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
            },
            {
              "name": "MDVSA-2010:240",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
            },
            {
              "name": "42174",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42174"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
            },
            {
              "name": "44810",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/44810"
            },
            {
              "name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
            },
            {
              "name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-4159",
        "datePublished": "2010-11-17T15:00:00.000Z",
        "dateReserved": "2010-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:34:37.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1459 (GCVE-0-2010-1459)

    Vulnerability from cvelistv5 – Published: 2010-05-27 18:32 – Updated: 2024-08-07 01:28
    VLAI
    Summary
    The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2010-04-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:40.693Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
              },
              {
                "name": "SUSE-SR:2010:013",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
              },
              {
                "name": "40351",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/40351"
              },
              {
                "name": "SUSE-SR:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
              },
              {
                "name": "SUSE-SR:2010:014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-04-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-06-23T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
            },
            {
              "name": "SUSE-SR:2010:013",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
            },
            {
              "name": "40351",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/40351"
            },
            {
              "name": "SUSE-SR:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
            },
            {
              "name": "SUSE-SR:2010:014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1459",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
                },
                {
                  "name": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx",
                  "refsource": "MISC",
                  "url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
                },
                {
                  "name": "SUSE-SR:2010:013",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
                },
                {
                  "name": "40351",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/40351"
                },
                {
                  "name": "SUSE-SR:2010:012",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
                },
                {
                  "name": "SUSE-SR:2010:014",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1459",
        "datePublished": "2010-05-27T18:32:00.000Z",
        "dateReserved": "2010-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:28:40.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3906 (GCVE-0-2008-3906)

    Vulnerability from cvelistv5 – Published: 2008-09-04 17:00 – Updated: 2024-08-07 09:53
    VLAI
    Summary
    CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/30867 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/36494 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2008/08/27/6 mailing-listx_refsource_MLIST
    http://www.vupen.com/english/advisories/2008/2443 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/496845/100… mailing-listx_refsource_BUGTRAQ
    http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286 x_refsource_CONFIRM
    https://bugzilla.novell.com/show_bug.cgi?id=418620 x_refsource_CONFIRM
    https://usn.ubuntu.com/826-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/31643 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    Date Public
    2008-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:53:00.711Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "30867",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30867"
              },
              {
                "name": "mono-sysweb-xss(44740)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
              },
              {
                "name": "36494",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36494"
              },
              {
                "name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
              },
              {
                "name": "ADV-2008-2443",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2443"
              },
              {
                "name": "20080930 rPSA-2008-0286-1 mono",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
              },
              {
                "name": "USN-826-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/826-1/"
              },
              {
                "name": "31643",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31643"
              },
              {
                "name": "MDVSA-2008:210",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "30867",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30867"
            },
            {
              "name": "mono-sysweb-xss(44740)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
            },
            {
              "name": "36494",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36494"
            },
            {
              "name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
            },
            {
              "name": "ADV-2008-2443",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2443"
            },
            {
              "name": "20080930 rPSA-2008-0286-1 mono",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
            },
            {
              "name": "USN-826-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/826-1/"
            },
            {
              "name": "31643",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31643"
            },
            {
              "name": "MDVSA-2008:210",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "30867",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30867"
                },
                {
                  "name": "mono-sysweb-xss(44740)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
                },
                {
                  "name": "36494",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36494"
                },
                {
                  "name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
                },
                {
                  "name": "ADV-2008-2443",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2443"
                },
                {
                  "name": "20080930 rPSA-2008-0286-1 mono",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
                },
                {
                  "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=418620",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
                },
                {
                  "name": "USN-826-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/826-1/"
                },
                {
                  "name": "31643",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31643"
                },
                {
                  "name": "MDVSA-2008:210",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3906",
        "datePublished": "2008-09-04T17:00:00.000Z",
        "dateReserved": "2008-09-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:53:00.711Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3422 (GCVE-0-2008-3422)

    Vulnerability from cvelistv5 – Published: 2008-07-31 21:00 – Updated: 2024-08-07 09:37
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36494 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31982 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.novell.com/show_bug.cgi?id=413534 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/31338 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.ximian.com/pipermail/mono-devel-list… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/30471 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/826-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2008-07-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:37:26.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36494",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36494"
              },
              {
                "name": "31982",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31982"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
              },
              {
                "name": "SUSE-SR:2008:018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
              },
              {
                "name": "31338",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31338"
              },
              {
                "name": "mono-aspnet-xss(44229)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
              },
              {
                "name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
              },
              {
                "name": "30471",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30471"
              },
              {
                "name": "USN-826-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/826-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36494",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36494"
            },
            {
              "name": "31982",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31982"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
            },
            {
              "name": "SUSE-SR:2008:018",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
            },
            {
              "name": "31338",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31338"
            },
            {
              "name": "mono-aspnet-xss(44229)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
            },
            {
              "name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
            },
            {
              "name": "30471",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30471"
            },
            {
              "name": "USN-826-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/826-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3422",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36494",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36494"
                },
                {
                  "name": "31982",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31982"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=413534",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
                },
                {
                  "name": "SUSE-SR:2008:018",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
                },
                {
                  "name": "31338",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31338"
                },
                {
                  "name": "mono-aspnet-xss(44229)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
                },
                {
                  "name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
                  "refsource": "MLIST",
                  "url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
                },
                {
                  "name": "30471",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30471"
                },
                {
                  "name": "USN-826-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/826-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3422",
        "datePublished": "2008-07-31T21:00:00.000Z",
        "dateReserved": "2008-07-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:37:26.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5197 (GCVE-0-2007-5197)

    Vulnerability from cvelistv5 – Published: 2007-11-02 16:00 – Updated: 2024-08-07 15:24
    VLAI
    Summary
    Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.gentoo.org/security/en/glsa/glsa-20071… vendor-advisoryx_refsource_GENTOO
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/27493 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/26279 vdb-entryx_refsource_BID
    http://bugs.gentoo.org/attachment.cgi?id=134361&a… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/3716 vdb-entryx_refsource_VUPEN
    http://bugs.gentoo.org/show_bug.cgi?id=197067 x_refsource_CONFIRM
    http://secunia.com/advisories/27583 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1018892 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/27937 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27511 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27639 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.ubuntu.com/usn/usn-553-1 vendor-advisoryx_refsource_UBUNTU
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    https://bugzilla.redhat.com/show_bug.cgi?id=367471 x_refsource_CONFIRM
    http://secunia.com/advisories/27439 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27612 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2007/dsa-1397 vendor-advisoryx_refsource_DEBIAN
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    Date Public
    2007-10-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:24:42.132Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-200711-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
              },
              {
                "name": "mono-big-integer-bo(38248)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
              },
              {
                "name": "27493",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27493"
              },
              {
                "name": "26279",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26279"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
              },
              {
                "name": "ADV-2007-3716",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3716"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
              },
              {
                "name": "27583",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27583"
              },
              {
                "name": "1018892",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018892"
              },
              {
                "name": "27937",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27937"
              },
              {
                "name": "27511",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27511"
              },
              {
                "name": "27639",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27639"
              },
              {
                "name": "FEDORA-2007-3130",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
              },
              {
                "name": "USN-553-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-553-1"
              },
              {
                "name": "MDKSA-2007:218",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
              },
              {
                "name": "27439",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27439"
              },
              {
                "name": "27612",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27612"
              },
              {
                "name": "DSA-1397",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2007/dsa-1397"
              },
              {
                "name": "SUSE-SR:2007:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-10-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "GLSA-200711-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
            },
            {
              "name": "mono-big-integer-bo(38248)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
            },
            {
              "name": "27493",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27493"
            },
            {
              "name": "26279",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26279"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
            },
            {
              "name": "ADV-2007-3716",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3716"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
            },
            {
              "name": "27583",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27583"
            },
            {
              "name": "1018892",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018892"
            },
            {
              "name": "27937",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27937"
            },
            {
              "name": "27511",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27511"
            },
            {
              "name": "27639",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27639"
            },
            {
              "name": "FEDORA-2007-3130",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
            },
            {
              "name": "USN-553-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-553-1"
            },
            {
              "name": "MDKSA-2007:218",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
            },
            {
              "name": "27439",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27439"
            },
            {
              "name": "27612",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27612"
            },
            {
              "name": "DSA-1397",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1397"
            },
            {
              "name": "SUSE-SR:2007:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5197",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-200711-10",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
                },
                {
                  "name": "mono-big-integer-bo(38248)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
                },
                {
                  "name": "27493",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27493"
                },
                {
                  "name": "26279",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26279"
                },
                {
                  "name": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
                },
                {
                  "name": "ADV-2007-3716",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3716"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=197067",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
                },
                {
                  "name": "27583",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27583"
                },
                {
                  "name": "1018892",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018892"
                },
                {
                  "name": "27937",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27937"
                },
                {
                  "name": "27511",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27511"
                },
                {
                  "name": "27639",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27639"
                },
                {
                  "name": "FEDORA-2007-3130",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
                },
                {
                  "name": "USN-553-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-553-1"
                },
                {
                  "name": "MDKSA-2007:218",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=367471",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
                },
                {
                  "name": "27439",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27439"
                },
                {
                  "name": "27612",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27612"
                },
                {
                  "name": "DSA-1397",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2007/dsa-1397"
                },
                {
                  "name": "SUSE-SR:2007:023",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5197",
        "datePublished": "2007-11-02T16:00:00.000Z",
        "dateReserved": "2007-10-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:24:42.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5473 (GCVE-0-2007-5473)

    Vulnerability from cvelistv5 – Published: 2007-10-18 18:00 – Updated: 2024-08-07 15:31
    VLAI
    Summary
    StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/26166 vdb-entryx_refsource_BID
    http://osvdb.org/41871 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/27349 third-party-advisoryx_refsource_SECUNIA
    http://anonsvn.mono-project.com/viewcvs/trunk/mcs… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-10-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:31:58.818Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26166",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26166"
              },
              {
                "name": "41871",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/41871"
              },
              {
                "name": "27349",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27349"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
              },
              {
                "name": "mono-staticfilehandler-info-disclosure(37341)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-10-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26166",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26166"
            },
            {
              "name": "41871",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/41871"
            },
            {
              "name": "27349",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27349"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
            },
            {
              "name": "mono-staticfilehandler-info-disclosure(37341)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5473",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26166",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26166"
                },
                {
                  "name": "41871",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/41871"
                },
                {
                  "name": "27349",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27349"
                },
                {
                  "name": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs",
                  "refsource": "CONFIRM",
                  "url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
                },
                {
                  "name": "mono-staticfilehandler-info-disclosure(37341)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5473",
        "datePublished": "2007-10-18T18:00:00.000Z",
        "dateReserved": "2007-10-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:31:58.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }