Every CVE whose affected-product data names Mono, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2010-4254 — CVSS 7.5 (high): Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which…
CVE-2007-5197 — CVSS 7.5 (high): Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code…
CVE-2010-4159 — CVSS 6.9 (medium): Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse…
CVE-2011-0991 — CVSS 6.8 (medium): Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a…
CVE-2006-5072 — CVSS 6.2 (medium): The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite…
CVE-2011-0990 — CVSS 5.8 (medium): Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x…
CVE-2011-0992 — CVSS 5.8 (medium): Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a…
CVE-2011-0989 — CVSS 5.8 (medium): The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does…
CVE-2010-4225 — CVSS 5.0 (medium): Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for…
CVE-2007-5473 — CVSS 5.0 (medium): StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of…
CVE-2012-3382 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono…
CVE-2008-3422 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject…
CVE-2008-3906 — CVSS 4.3 (medium): CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP…
CVE-2010-1459 — CVSS 4.3 (medium): The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote…
CVE-2005-0509 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject…