
Search CVE reports


1 – 10 of 31 results


CVE-2023-26314

Medium priority
Needs evaluation

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

1 affected package

mono

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mono | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-32841

Medium priority
Needs evaluation

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that...

1 affected package

mono

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mono | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |

CVE-2021-32842

Medium priority
Needs evaluation

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that...

1 affected package

mono

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mono | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-32840

Medium priority
Needs evaluation

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to...

1 affected package

mono

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mono | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |

CVE-2015-0841

Medium priority
Ignored

Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.

2 affected packages

libcapsinetwork, monopd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcapsinetwork Not in release Not in release
monopd Not affected Not affected

CVE-2018-8416

Low priority
Needs evaluation

A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1.

2 affected packages

mono, mono-reference-assemblies

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mono | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mono-reference-assemblies | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |

CVE-2018-8292

Medium priority
Not affected

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0,...

1 affected package

mono

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mono Not affected Not affected

CVE-2018-1002208

Low priority
Vulnerable

SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also...

2 affected packages

mono, mono-reference-assemblies

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| mono | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
| mono-reference-assemblies | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |

CVE-2015-2320

Medium priority

Some fixes available 3 of 4

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.

1 affected package

mono

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mono

CVE-2015-2319

Medium priority

Some fixes available 3 of 4

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

1 affected package

mono

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mono