Search criteria
33 vulnerabilities found for mono by mono
VAR-201904-0811
Vulnerability from variot - Updated: 2024-11-23 21:59A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Microsoft NuGet is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
Bug Fix(es):
-
dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019 Advisory ID: RHSA-2019:0544-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0544 Issue date: 2019-03-13 CVE Names: CVE-2019-0757 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3. (CVE-2019-0757)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream doc in the References section.
- Solution:
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability 1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105 1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0757 https://access.redhat.com/security/updates/classification/#important https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN jsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz csbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt Ybu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC sfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM Zubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu tGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg ijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A eqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r LfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1 35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR FvFvp8/nSm4=KwTi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0811",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.9.4"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.8.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.3"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.4.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.1.500"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "framework",
"scope": "eq",
"trust": 1.8,
"vendor": "mono",
"version": "5.18.0.223"
},
{
"model": "framework",
"scope": "eq",
"trust": 1.8,
"vendor": "mono",
"version": "5.20.0"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.2.100"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "visual studio 2017",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2017 for mac"
},
{
"model": "mono",
"scope": "eq",
"trust": 0.3,
"vendor": "mono",
"version": "5.20"
},
{
"model": "mono",
"scope": "eq",
"trust": 0.3,
"vendor": "mono",
"version": "5.18.0.223"
},
{
"model": "visual studio for mac",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1.505"
},
{
"model": ".net core sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1.13"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1.9"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1.12"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0.15"
}
],
"sources": [
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:mono:mono_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:.net_core_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:visual_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:nuget",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat,The vendor reported this issue.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
},
"cve": "CVE-2019-0757",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-0757",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-0757",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-0757",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0757",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-0757",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-445",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-0757",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027. Microsoft NuGet is prone to a security bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019\nAdvisory ID: RHSA-2019:0544-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0544\nIssue date: 2019-03-13\nCVE Names: CVE-2019-0757\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core\non Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements the .NET standard\nAPIs and several additional APIs, and it includes a CLR implementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and\n2.2.3. (CVE-2019-0757)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream doc in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability\n1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105\n1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0757\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN\njsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz\ncsbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt\nYbu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC\nsfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM\nZubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu\ntGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg\nijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A\neqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r\nLfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1\n35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR\nFvFvp8/nSm4=KwTi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0757",
"trust": 3.0
},
{
"db": "BID",
"id": "107285",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152999",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "42934",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0808",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1839",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-0757",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152073",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"id": "VAR-201904-0811",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T21:59:52.561000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.mono-project.com/"
},
{
"title": "CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"title": "CVE-2019-0757 | NuGet Package Manager \u306e\u6539\u3056\u3093\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0757"
},
{
"title": "Microsoft NuGet Package Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90061"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2019/03/12/march_patch_tuesday_dhcp/"
},
{
"title": "Red Hat: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190544 - Security Advisory"
},
{
"title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191259 - Security Advisory"
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-march-2019"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:1259"
},
{
"trust": 2.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/107285"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2019:0544"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0757"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190313-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190012.html"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-0757"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42934"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77050"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0757 "
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/107285"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0820"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"date": "2019-03-12T00:00:00",
"db": "BID",
"id": "107285"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"date": "2019-05-22T14:39:27",
"db": "PACKETSTORM",
"id": "152999"
},
{
"date": "2019-03-13T14:27:10",
"db": "PACKETSTORM",
"id": "152073"
},
{
"date": "2019-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"date": "2019-04-09T02:29:00.600000",
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"date": "2019-03-13T09:00:00",
"db": "BID",
"id": "107285"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-445"
},
{
"date": "2024-11-21T04:17:13.843000",
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Microsoft Product Linux and Mac For NuGet Package Manager Vulnerabilities to be tampered with",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
}
}
CVE-2012-3543 (GCVE-0-2012-3543)
Vulnerability from nvd – Published: 2019-11-21 14:00 – Updated: 2024-08-06 20:13
VLAI?
Summary
mono 2.10.x ASP.NET Web Form Hash collision DoS
Severity ?
No CVSS data available.
CWE
- Hash collision issue
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mono",
"vendor": "mono",
"versions": [
{
"status": "affected",
"version": "2.10.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mono 2.10.x ASP.NET Web Form Hash collision DoS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hash collision issue",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T14:00:56",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/55251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3543",
"datePublished": "2019-11-21T14:00:56",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:13:50.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3382 (GCVE-0-2012-3382)
Vulnerability from nvd – Published: 2012-07-12 21:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:11.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
},
{
"name": "openSUSE-SU-2012:0974",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15374367"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
},
{
"name": "[oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
},
{
"name": "MDVSA-2012:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
},
{
"name": "openSUSE-SU-2012:0974",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15374367"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
},
{
"name": "[oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
},
{
"name": "MDVSA-2012:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3382",
"datePublished": "2012-07-12T21:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:11.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0992 (GCVE-0-2011-0992)
Vulnerability from nvd – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "momo-monothread-info-disclosure(66627)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "momo-monothread-info-disclosure(66627)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "momo-monothread-info-disclosure(66627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=678515",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694933",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"name": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0992",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0991 (GCVE-0-2011-0991)
Vulnerability from nvd – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
},
{
"name": "momo-dynamicmethod-code-execution(66626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
},
{
"name": "momo-dynamicmethod-code-execution(66626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=660422",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
},
{
"name": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
},
{
"name": "momo-dynamicmethod-code-execution(66626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0991",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0990 (GCVE-0-2011-0990)
Vulnerability from nvd – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"name": "momo-arraycopy-security-bypass(66625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"name": "momo-arraycopy-security-bypass(66625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"name": "momo-arraycopy-security-bypass(66625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0990",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0989 (GCVE-0-2011-0989)
Vulnerability from nvd – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "momo-runtime-security-bypass(66624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "momo-runtime-security-bypass(66624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "momo-runtime-security-bypass(66624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0989",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4225 (GCVE-0-2010-4225)
Vulnerability from nvd – Published: 2011-01-11 01:00 – Updated: 2024-08-07 03:34
VLAI?
Summary
Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0051",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0051"
},
{
"name": "45711",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45711"
},
{
"name": "mono-modmono-source-disclosure(64532)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
},
{
"name": "70312",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70312"
},
{
"name": "42842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2011-0051",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0051"
},
{
"name": "45711",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45711"
},
{
"name": "mono-modmono-source-disclosure(64532)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
},
{
"name": "70312",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70312"
},
{
"name": "42842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0051",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0051"
},
{
"name": "45711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45711"
},
{
"name": "mono-modmono-source-disclosure(64532)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
},
{
"name": "70312",
"refsource": "OSVDB",
"url": "http://osvdb.org/70312"
},
{
"name": "42842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42842"
},
{
"name": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4225",
"datePublished": "2011-01-11T01:00:00",
"dateReserved": "2010-11-10T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4254 (GCVE-0-2010-4254)
Vulnerability from nvd – Published: 2010-12-03 20:00 – Updated: 2024-08-07 03:34
VLAI?
Summary
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "42373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
},
{
"name": "15974",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15974"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42877"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
},
{
"name": "45051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45051"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-15T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "42373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
},
{
"name": "15974",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15974"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42877"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
},
{
"name": "45051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45051"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4254",
"datePublished": "2010-12-03T20:00:00",
"dateReserved": "2010-11-16T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4159 (GCVE-0-2010-4159)
Vulnerability from nvd – Published: 2010-11-17 15:00 – Updated: 2024-08-07 03:34
VLAI?
Summary
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
},
{
"name": "ADV-2010-3059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3059"
},
{
"name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
},
{
"name": "MDVSA-2010:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
},
{
"name": "42174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
},
{
"name": "44810",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44810"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
},
{
"name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-07T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
},
{
"name": "ADV-2010-3059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3059"
},
{
"name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
},
{
"name": "MDVSA-2010:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
},
{
"name": "42174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
},
{
"name": "44810",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44810"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
},
{
"name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4159",
"datePublished": "2010-11-17T15:00:00",
"dateReserved": "2010-11-04T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1459 (GCVE-0-2010-1459)
Vulnerability from nvd – Published: 2010-05-27 18:32 – Updated: 2024-08-07 01:28
VLAI?
Summary
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "40351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40351"
},
{
"name": "SUSE-SR:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "40351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40351"
},
{
"name": "SUSE-SR:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
},
{
"name": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx",
"refsource": "MISC",
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "40351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40351"
},
{
"name": "SUSE-SR:2010:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1459",
"datePublished": "2010-05-27T18:32:00",
"dateReserved": "2010-04-16T00:00:00",
"dateUpdated": "2024-08-07T01:28:40.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3906 (GCVE-0-2008-3906)
Vulnerability from nvd – Published: 2008-09-04 17:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30867",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30867"
},
{
"name": "mono-sysweb-xss(44740)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
},
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
},
{
"name": "ADV-2008-2443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2443"
},
{
"name": "20080930 rPSA-2008-0286-1 mono",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/826-1/"
},
{
"name": "31643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31643"
},
{
"name": "MDVSA-2008:210",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30867",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30867"
},
{
"name": "mono-sysweb-xss(44740)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
},
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
},
{
"name": "ADV-2008-2443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2443"
},
{
"name": "20080930 rPSA-2008-0286-1 mono",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/826-1/"
},
{
"name": "31643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31643"
},
{
"name": "MDVSA-2008:210",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30867"
},
{
"name": "mono-sysweb-xss(44740)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
},
{
"name": "36494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36494"
},
{
"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
},
{
"name": "ADV-2008-2443",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2443"
},
{
"name": "20080930 rPSA-2008-0286-1 mono",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=418620",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
},
{
"name": "USN-826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/826-1/"
},
{
"name": "31643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31643"
},
{
"name": "MDVSA-2008:210",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3906",
"datePublished": "2008-09-04T17:00:00",
"dateReserved": "2008-09-04T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3422 (GCVE-0-2008-3422)
Vulnerability from nvd – Published: 2008-07-31 21:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "31338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31338"
},
{
"name": "mono-aspnet-xss(44229)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
},
{
"name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
},
{
"name": "30471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30471"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/826-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "31338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31338"
},
{
"name": "mono-aspnet-xss(44229)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
},
{
"name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
},
{
"name": "30471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30471"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/826-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36494"
},
{
"name": "31982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31982"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=413534",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
},
{
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "31338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31338"
},
{
"name": "mono-aspnet-xss(44229)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
},
{
"name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
"refsource": "MLIST",
"url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
},
{
"name": "30471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30471"
},
{
"name": "USN-826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/826-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3422",
"datePublished": "2008-07-31T21:00:00",
"dateReserved": "2008-07-31T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5197 (GCVE-0-2007-5197)
Vulnerability from nvd – Published: 2007-11-02 16:00 – Updated: 2024-08-07 15:24
VLAI?
Summary
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200711-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
},
{
"name": "mono-big-integer-bo(38248)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
},
{
"name": "27493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27493"
},
{
"name": "26279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
},
{
"name": "ADV-2007-3716",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
},
{
"name": "27583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27583"
},
{
"name": "1018892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018892"
},
{
"name": "27937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27937"
},
{
"name": "27511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27511"
},
{
"name": "27639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27639"
},
{
"name": "FEDORA-2007-3130",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
},
{
"name": "USN-553-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-553-1"
},
{
"name": "MDKSA-2007:218",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27439"
},
{
"name": "27612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27612"
},
{
"name": "DSA-1397",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1397"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200711-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
},
{
"name": "mono-big-integer-bo(38248)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
},
{
"name": "27493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27493"
},
{
"name": "26279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
},
{
"name": "ADV-2007-3716",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
},
{
"name": "27583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27583"
},
{
"name": "1018892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018892"
},
{
"name": "27937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27937"
},
{
"name": "27511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27511"
},
{
"name": "27639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27639"
},
{
"name": "FEDORA-2007-3130",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
},
{
"name": "USN-553-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-553-1"
},
{
"name": "MDKSA-2007:218",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27439"
},
{
"name": "27612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27612"
},
{
"name": "DSA-1397",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1397"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200711-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
},
{
"name": "mono-big-integer-bo(38248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
},
{
"name": "27493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27493"
},
{
"name": "26279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26279"
},
{
"name": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
},
{
"name": "ADV-2007-3716",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3716"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=197067",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
},
{
"name": "27583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27583"
},
{
"name": "1018892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018892"
},
{
"name": "27937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27937"
},
{
"name": "27511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27511"
},
{
"name": "27639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27639"
},
{
"name": "FEDORA-2007-3130",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
},
{
"name": "USN-553-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-553-1"
},
{
"name": "MDKSA-2007:218",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=367471",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
},
{
"name": "27439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27439"
},
{
"name": "27612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27612"
},
{
"name": "DSA-1397",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1397"
},
{
"name": "SUSE-SR:2007:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5197",
"datePublished": "2007-11-02T16:00:00",
"dateReserved": "2007-10-04T00:00:00",
"dateUpdated": "2024-08-07T15:24:42.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5473 (GCVE-0-2007-5473)
Vulnerability from nvd – Published: 2007-10-18 18:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26166"
},
{
"name": "41871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41871"
},
{
"name": "27349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27349"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
},
{
"name": "mono-staticfilehandler-info-disclosure(37341)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26166"
},
{
"name": "41871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41871"
},
{
"name": "27349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27349"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
},
{
"name": "mono-staticfilehandler-info-disclosure(37341)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26166"
},
{
"name": "41871",
"refsource": "OSVDB",
"url": "http://osvdb.org/41871"
},
{
"name": "27349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27349"
},
{
"name": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs",
"refsource": "CONFIRM",
"url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
},
{
"name": "mono-staticfilehandler-info-disclosure(37341)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5473",
"datePublished": "2007-10-18T18:00:00",
"dateReserved": "2007-10-16T00:00:00",
"dateUpdated": "2024-08-07T15:31:58.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5072 (GCVE-0-2006-5072)
Vulnerability from nvd – Published: 2006-10-05 23:00 – Updated: 2024-08-07 19:32
VLAI?
Summary
The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:23.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2006:073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name": "USN-357-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-357-1"
},
{
"name": "mono-systemcodedomcompiler-symlink(29353)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353"
},
{
"name": "22277",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22277"
},
{
"name": "23213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23213"
},
{
"name": "22237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22237"
},
{
"name": "MDKSA-2006:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188"
},
{
"name": "20340",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20340"
},
{
"name": "23154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23154"
},
{
"name": "23776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23776"
},
{
"name": "22614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22614"
},
{
"name": "GLSA-200611-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-23.xml"
},
{
"name": "ADV-2006-3911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3911"
},
{
"name": "FEDORA-2007-068",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SA:2006:073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name": "USN-357-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-357-1"
},
{
"name": "mono-systemcodedomcompiler-symlink(29353)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353"
},
{
"name": "22277",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22277"
},
{
"name": "23213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23213"
},
{
"name": "22237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22237"
},
{
"name": "MDKSA-2006:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188"
},
{
"name": "20340",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20340"
},
{
"name": "23154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23154"
},
{
"name": "23776",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23776"
},
{
"name": "22614",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22614"
},
{
"name": "GLSA-200611-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200611-23.xml"
},
{
"name": "ADV-2006-3911",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3911"
},
{
"name": "FEDORA-2007-068",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2401"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2006:073",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_73_mono.html"
},
{
"name": "USN-357-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-357-1"
},
{
"name": "mono-systemcodedomcompiler-symlink(29353)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29353"
},
{
"name": "22277",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22277"
},
{
"name": "23213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23213"
},
{
"name": "22237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22237"
},
{
"name": "MDKSA-2006:188",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:188"
},
{
"name": "20340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20340"
},
{
"name": "23154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23154"
},
{
"name": "23776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23776"
},
{
"name": "22614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22614"
},
{
"name": "GLSA-200611-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-23.xml"
},
{
"name": "ADV-2006-3911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3911"
},
{
"name": "FEDORA-2007-068",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2401"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5072",
"datePublished": "2006-10-05T23:00:00",
"dateReserved": "2006-09-28T00:00:00",
"dateUpdated": "2024-08-07T19:32:23.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3543 (GCVE-0-2012-3543)
Vulnerability from cvelistv5 – Published: 2019-11-21 14:00 – Updated: 2024-08-06 20:13
VLAI?
Summary
mono 2.10.x ASP.NET Web Form Hash collision DoS
Severity ?
No CVSS data available.
CWE
- Hash collision issue
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mono",
"vendor": "mono",
"versions": [
{
"status": "affected",
"version": "2.10.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mono 2.10.x ASP.NET Web Form Hash collision DoS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hash collision issue",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T14:00:56",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-3543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/28/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/55251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2547-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3543",
"datePublished": "2019-11-21T14:00:56",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:13:50.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3382 (GCVE-0-2012-3382)
Vulnerability from cvelistv5 – Published: 2012-07-12 21:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:11.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
},
{
"name": "openSUSE-SU-2012:0974",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15374367"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
},
{
"name": "[oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
},
{
"name": "MDVSA-2012:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2"
},
{
"name": "openSUSE-SU-2012:0974",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15374367"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=769799"
},
{
"name": "[oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/06/11"
},
{
"name": "MDVSA-2012:140",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:140"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3382",
"datePublished": "2012-07-12T21:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:11.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0991 (GCVE-0-2011-0991)
Vulnerability from cvelistv5 – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
},
{
"name": "momo-dynamicmethod-code-execution(66626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
},
{
"name": "momo-dynamicmethod-code-execution(66626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=660422",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=660422"
},
{
"name": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/89d1455a80ef13cddee5d79ec00c06055da3085c"
},
{
"name": "momo-dynamicmethod-code-execution(66626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66626"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/3f8ee42b8c867d9a4c18c22657840d072cca5c3a"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/8eb1189099e02372fd45ca1c67230eccf1edddc0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0991",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0989 (GCVE-0-2011-0989)
Vulnerability from cvelistv5 – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "momo-runtime-security-bypass(66624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "momo-runtime-security-bypass(66624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/035c8587c0d8d307e45f1b7171a0d337bb451f1e"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
},
{
"name": "momo-runtime-security-bypass(66624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0989",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0992 (GCVE-0-2011-0992)
Vulnerability from cvelistv5 – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "momo-monothread-info-disclosure(66627)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "momo-monothread-info-disclosure(66627)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "momo-monothread-info-disclosure(66627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66627"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=678515",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=678515"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694933",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694933"
},
{
"name": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/722f9890f09aadfc37ae479e7d946d5fc5ef7b91"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0992",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0990 (GCVE-0-2011-0990)
Vulnerability from cvelistv5 – Published: 2011-04-13 21:00 – Updated: 2024-08-06 22:14
VLAI?
Summary
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:26.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"name": "momo-arraycopy-security-bypass(66625)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"name": "momo-arraycopy-security-bypass(66625)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=667077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"name": "47208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"name": "[oss-security] 20110406 Moonlight release 2.4.1 with security fixes",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"name": "44002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44002"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "44076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44076"
},
{
"name": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c",
"refsource": "CONFIRM",
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"name": "momo-arraycopy-security-bypass(66625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"name": "[opensuse-updates] 20110408 openSUSE-SU-2011:0313-1 (critical): moonlight security update",
"refsource": "MLIST",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"name": "ADV-2011-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0990",
"datePublished": "2011-04-13T21:00:00",
"dateReserved": "2011-02-14T00:00:00",
"dateUpdated": "2024-08-06T22:14:26.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4225 (GCVE-0-2010-4225)
Vulnerability from cvelistv5 – Published: 2011-01-11 01:00 – Updated: 2024-08-07 03:34
VLAI?
Summary
Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0051",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0051"
},
{
"name": "45711",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45711"
},
{
"name": "mono-modmono-source-disclosure(64532)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
},
{
"name": "70312",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70312"
},
{
"name": "42842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2011-0051",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0051"
},
{
"name": "45711",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45711"
},
{
"name": "mono-modmono-source-disclosure(64532)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
},
{
"name": "70312",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70312"
},
{
"name": "42842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an \"unloading bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0051",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0051"
},
{
"name": "45711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45711"
},
{
"name": "mono-modmono-source-disclosure(64532)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64532"
},
{
"name": "70312",
"refsource": "OSVDB",
"url": "http://osvdb.org/70312"
},
{
"name": "42842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42842"
},
{
"name": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4225",
"datePublished": "2011-01-11T01:00:00",
"dateReserved": "2010-11-10T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4254 (GCVE-0-2010-4254)
Vulnerability from cvelistv5 – Published: 2010-12-03 20:00 – Updated: 2024-08-07 03:34
VLAI?
Summary
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "42373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42373"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
},
{
"name": "15974",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15974"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42877"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
},
{
"name": "45051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45051"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-15T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SR:2011:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "42373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42373"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability"
},
{
"name": "15974",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15974"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=655847"
},
{
"name": "42877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42877"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac"
},
{
"name": "45051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45051"
},
{
"name": "ADV-2011-0076",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "SUSE-SR:2010:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=654136"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4254",
"datePublished": "2010-12-03T20:00:00",
"dateReserved": "2010-11-16T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4159 (GCVE-0-2010-4159)
Vulnerability from cvelistv5 – Published: 2010-11-17 15:00 – Updated: 2024-08-07 03:34
VLAI?
Summary
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
},
{
"name": "ADV-2010-3059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3059"
},
{
"name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
},
{
"name": "MDVSA-2010:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
},
{
"name": "42174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
},
{
"name": "44810",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44810"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
},
{
"name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-07T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mono/mono/commit/8e890a3bf80a4620e417814dc14886b1bbd17625"
},
{
"name": "ADV-2010-3059",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3059"
},
{
"name": "[mono-patches] 20101012 [mono/mono] d3985be4: Search for dllimported shared libs in the base directory, not cwd.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128941802415318\u0026w=2"
},
{
"name": "MDVSA-2010:240",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading"
},
{
"name": "42174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=641915"
},
{
"name": "44810",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44810"
},
{
"name": "[oss-security] 20101110 Re: CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939912716499\u0026w=2"
},
{
"name": "[oss-security] 20101110 CVE request: mono loading shared libs from cwd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=128939873515821\u0026w=2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4159",
"datePublished": "2010-11-17T15:00:00",
"dateReserved": "2010-11-04T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1459 (GCVE-0-2010-1459)
Vulnerability from cvelistv5 – Published: 2010-05-27 18:32 – Updated: 2024-08-07 01:28
VLAI?
Summary
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:40.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "40351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40351"
},
{
"name": "SUSE-SR:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
},
{
"name": "SUSE-SR:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "40351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40351"
},
{
"name": "SUSE-SR:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting"
},
{
"name": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx",
"refsource": "MISC",
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "40351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40351"
},
{
"name": "SUSE-SR:2010:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1459",
"datePublished": "2010-05-27T18:32:00",
"dateReserved": "2010-04-16T00:00:00",
"dateUpdated": "2024-08-07T01:28:40.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3906 (GCVE-0-2008-3906)
Vulnerability from cvelistv5 – Published: 2008-09-04 17:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30867",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30867"
},
{
"name": "mono-sysweb-xss(44740)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
},
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
},
{
"name": "ADV-2008-2443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2443"
},
{
"name": "20080930 rPSA-2008-0286-1 mono",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/826-1/"
},
{
"name": "31643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31643"
},
{
"name": "MDVSA-2008:210",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30867",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30867"
},
{
"name": "mono-sysweb-xss(44740)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
},
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
},
{
"name": "ADV-2008-2443",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2443"
},
{
"name": "20080930 rPSA-2008-0286-1 mono",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/826-1/"
},
{
"name": "31643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31643"
},
{
"name": "MDVSA-2008:210",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30867"
},
{
"name": "mono-sysweb-xss(44740)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44740"
},
{
"name": "36494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36494"
},
{
"name": "[oss-security] 20080827 CVE request: mono Sys.Web header injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/27/6"
},
{
"name": "ADV-2008-2443",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2443"
},
{
"name": "20080930 rPSA-2008-0286-1 mono",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496845/100/0/threaded"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=418620",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=418620"
},
{
"name": "USN-826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/826-1/"
},
{
"name": "31643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31643"
},
{
"name": "MDVSA-2008:210",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3906",
"datePublished": "2008-09-04T17:00:00",
"dateReserved": "2008-09-04T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3422 (GCVE-0-2008-3422)
Vulnerability from cvelistv5 – Published: 2008-07-31 21:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "31338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31338"
},
{
"name": "mono-aspnet-xss(44229)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
},
{
"name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
},
{
"name": "30471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30471"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/826-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36494"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "31338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31338"
},
{
"name": "mono-aspnet-xss(44229)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
},
{
"name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
},
{
"name": "30471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30471"
},
{
"name": "USN-826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/826-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36494"
},
{
"name": "31982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31982"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=413534",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=413534"
},
{
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "31338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31338"
},
{
"name": "mono-aspnet-xss(44229)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44229"
},
{
"name": "[mono-devel-list] 20080726 [PATCH] HTML encode attributes that might need encoding",
"refsource": "MLIST",
"url": "http://lists.ximian.com/pipermail/mono-devel-list/2008-July/028633.html"
},
{
"name": "30471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30471"
},
{
"name": "USN-826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/826-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3422",
"datePublished": "2008-07-31T21:00:00",
"dateReserved": "2008-07-31T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5197 (GCVE-0-2007-5197)
Vulnerability from cvelistv5 – Published: 2007-11-02 16:00 – Updated: 2024-08-07 15:24
VLAI?
Summary
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200711-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
},
{
"name": "mono-big-integer-bo(38248)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
},
{
"name": "27493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27493"
},
{
"name": "26279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
},
{
"name": "ADV-2007-3716",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
},
{
"name": "27583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27583"
},
{
"name": "1018892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018892"
},
{
"name": "27937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27937"
},
{
"name": "27511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27511"
},
{
"name": "27639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27639"
},
{
"name": "FEDORA-2007-3130",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
},
{
"name": "USN-553-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-553-1"
},
{
"name": "MDKSA-2007:218",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27439"
},
{
"name": "27612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27612"
},
{
"name": "DSA-1397",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1397"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200711-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
},
{
"name": "mono-big-integer-bo(38248)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
},
{
"name": "27493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27493"
},
{
"name": "26279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
},
{
"name": "ADV-2007-3716",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
},
{
"name": "27583",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27583"
},
{
"name": "1018892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018892"
},
{
"name": "27937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27937"
},
{
"name": "27511",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27511"
},
{
"name": "27639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27639"
},
{
"name": "FEDORA-2007-3130",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
},
{
"name": "USN-553-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-553-1"
},
{
"name": "MDKSA-2007:218",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
},
{
"name": "27439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27439"
},
{
"name": "27612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27612"
},
{
"name": "DSA-1397",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1397"
},
{
"name": "SUSE-SR:2007:023",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200711-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-10.xml"
},
{
"name": "mono-big-integer-bo(38248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38248"
},
{
"name": "27493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27493"
},
{
"name": "26279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26279"
},
{
"name": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/attachment.cgi?id=134361\u0026action=view"
},
{
"name": "ADV-2007-3716",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3716"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=197067",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=197067"
},
{
"name": "27583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27583"
},
{
"name": "1018892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018892"
},
{
"name": "27937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27937"
},
{
"name": "27511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27511"
},
{
"name": "27639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27639"
},
{
"name": "FEDORA-2007-3130",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00249.html"
},
{
"name": "USN-553-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-553-1"
},
{
"name": "MDKSA-2007:218",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:218"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=367471",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=367471"
},
{
"name": "27439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27439"
},
{
"name": "27612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27612"
},
{
"name": "DSA-1397",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1397"
},
{
"name": "SUSE-SR:2007:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_23_sr.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5197",
"datePublished": "2007-11-02T16:00:00",
"dateReserved": "2007-10-04T00:00:00",
"dateUpdated": "2024-08-07T15:24:42.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5473 (GCVE-0-2007-5473)
Vulnerability from cvelistv5 – Published: 2007-10-18 18:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26166"
},
{
"name": "41871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/41871"
},
{
"name": "27349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27349"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
},
{
"name": "mono-staticfilehandler-info-disclosure(37341)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26166"
},
{
"name": "41871",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/41871"
},
{
"name": "27349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27349"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
},
{
"name": "mono-staticfilehandler-info-disclosure(37341)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26166"
},
{
"name": "41871",
"refsource": "OSVDB",
"url": "http://osvdb.org/41871"
},
{
"name": "27349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27349"
},
{
"name": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs",
"refsource": "CONFIRM",
"url": "http://anonsvn.mono-project.com/viewcvs/trunk/mcs/class/System.Web/System.Web/StaticFileHandler.cs"
},
{
"name": "mono-staticfilehandler-info-disclosure(37341)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5473",
"datePublished": "2007-10-18T18:00:00",
"dateReserved": "2007-10-16T00:00:00",
"dateUpdated": "2024-08-07T15:31:58.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}