Mono-Project: >> Mono >> 0.11 Security Vulnerabilities
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.
CVSS Score
8.1
EPSS Score
0.014
Published
2018-01-08
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-01-08
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
CVSS Score
9.8
EPSS Score
0.051
Published
2018-01-08