CVE-2010-4254 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Affected Products (NVD)

Vendor	Product	Version
mono	mono	*
novell	moonlight	𝑥 ≤ 2.3.0
novell	moonlight	2.99.0
novell	moonlight	2.99.1
novell	moonlight	2.99.2
novell	moonlight	2.99.7
novell	moonlight	2.99.9

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mono

dapper	ignored
hardy	ignored
karmic	ignored
lucid	ignored
maverick	ignored
natty	not-affected
oneiric	not-affected
precise	not-affected
quantal	not-affected
raring	not-affected

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html

http://secunia.com/advisories/42373

http://secunia.com/advisories/42877

http://www.exploit-db.com/exploits/15974

http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability

http://www.securityfocus.com/bid/45051

http://www.vupen.com/english/advisories/2011/0076

https://bugzilla.novell.com/show_bug.cgi?id=654136

https://bugzilla.novell.com/show_bug.cgi?id=655847

https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399

https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358

https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html

http://secunia.com/advisories/42373

http://secunia.com/advisories/42877

http://www.exploit-db.com/exploits/15974

http://www.mono-project.com/Vulnerabilities#Moonlight_Generic_Constraints_Bypass_Vulnerability

http://www.securityfocus.com/bid/45051

http://www.vupen.com/english/advisories/2011/0076

https://bugzilla.novell.com/show_bug.cgi?id=654136

https://bugzilla.novell.com/show_bug.cgi?id=655847

https://github.com/mono/mono/commit/4905ef1130feb26c3150b28b97e4a96752e0d399

https://github.com/mono/mono/commit/65292a69c837b8a5f7a392d34db63de592153358

https://github.com/mono/mono/commit/cf1ec146f7c6acdc6697032b3aaafc68ffacdcac