Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mono-project | libgdiplus | 2.6.7 |
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mono-project | mono | * |
| debian | debian_linux | 6.0 |
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mono-project | mono | * |
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mono-project | mono | * |
| debian | debian_linux | 7.0 |
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | nuget | 4.8.2 |
| microsoft | nuget | 4.5.2 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_server_aus | 8.2 |
| mono-project | mono_framework | 5.18.0.223 |
| microsoft | nuget | 4.3.1 |
| microsoft | .net_core_sdk | 2.2.100 |
| redhat | enterprise_linux_server_aus | 8.4 |
| microsoft | visual_studio_2017 | - |
| mono-project | mono_framework | 5.20.0 |
| microsoft | .net_core_sdk | 2.1.500 |
| microsoft | nuget | 4.6.3 |
| microsoft | nuget | 4.9.4 |
| redhat | enterprise_linux_eus | 8.2 |
| microsoft | nuget | 4.4.2 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_server_tus | 8.4 |
| microsoft | nuget | 4.7.2 |
| microsoft | .net_core_sdk | 1.1 |
| redhat | enterprise_linux_eus | 8.1 |
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mono-project | mono | 5.18.0.240+dfsg-3 |
| mono-project | mono | 6.8.0.105+dfsg-3 |
| debian | debian_linux | 10.0 |