FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c0cae920-c4e9-11e4-898e-90e6ba741e35mono -- TLS bugs

The Mono project reports:

Mono’s implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. Details of this vulnerability are discussed in SKIP-TLS post.

Mono’s implementation of SSL/TLS also contained support for the weak EXPORT cyphers and was susceptible to the FREAK attack.


Discovery 2015-03-06
Entry 2015-03-07
mono
< 3.10.1

ge 3.12 lt 3.12.1

http://www.mono-project.com/docs/about-mono/vulnerabilities/#tls-bugs
5a39a22e-5478-11db-8f1a-000a48049292mono -- "System.CodeDom.Compiler" Insecure Temporary Creation

Sebastian Krahmer reports:

Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.


Discovery 2006-10-04
Entry 2006-10-05
mono
< 1.1.13.8.1

CVE-2006-5072
http://www.ubuntu.com/usn/usn-357-1
http://secunia.com/advisories/22237/
4b3a7e70-afce-11e5-b864-14dae9d210b8mono -- DoS and code execution

NCC Group reports:

An attacker who can cause a carefully-chosen string to be converted to a floating-point number can cause a crash and potentially induce arbitrary code execution.


Discovery 2015-12-19
Entry 2015-12-31
mono
< 4.2

http://seclists.org/oss-sec/2015/q4/543
CVE-2009-0689
708c65a5-7c58-11de-a994-0030843d3802mono -- XML signature HMAC truncation spoofing

Secunia reports:

A security issue has been reported in Mono, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to an error when processing certain XML signatures.


Discovery 2009-07-15
Entry 2009-07-29
mono
< 2.4.2.2

CVE-2009-0217
http://secunia.com/advisories/35852/
http://www.kb.cert.org/vuls/id/466161