This page lists publicly disclosed CVE vulnerabilities affecting mono-project mono (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-26314 | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. | [email protected] | 8.8 | 0.97% | 2023-02-22 | 2026-06-17 |
| CVE-2012-3543 | mono 2.10.x ASP.NET Web Form Hash collision DoS | [email protected] | 7.5 | 2.58% | 2019-11-21 | 2026-06-16 |
| CVE-2015-2320 | The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | [email protected] | 9.8 | 3.54% | 2018-01-08 | 2026-06-16 |
| CVE-2015-2319 | The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | [email protected] | 7.5 | 3.21% | 2018-01-08 | 2026-06-16 |
| CVE-2015-2318 | The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | [email protected] | 8.1 | 2.01% | 2018-01-08 | 2026-06-16 |