Aggregates CVE and security vulnerability intelligence across all mono-project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues involve various input-handling and memory-safety problems that may affect software stability and security.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-26314 | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. | [email protected] | 8.8 | 1.37% | 2023-02-22 | 2026-05-20 |
| CVE-2012-3543 | mono 2.10.x ASP.NET Web Form Hash collision DoS | [email protected] | 7.5 | 1.15% | 2019-11-21 | 2024-11-21 |
| CVE-2019-0757 | A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. | [email protected] | 6.5 | 5.39% | 2019-04-09 | 2024-11-21 |
| CVE-2015-2320 | The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | [email protected] | 9.8 | 4.83% | 2018-01-08 | 2024-11-21 |
| CVE-2015-2319 | The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | [email protected] | 7.5 | 0.92% | 2018-01-08 | 2024-11-21 |
| CVE-2015-2318 | The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | [email protected] | 8.1 | 1.29% | 2018-01-08 | 2024-11-21 |
| CVE-2010-1526 | Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. | [email protected] | 6.8 | 1.31% | 2010-08-24 | 2026-04-29 |