FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-06-07 10:36:35 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
0a50bb48-625f-11ec-a1fb-080027cb2f6f  mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T292763, CVE-2021-44854) REST API incorrectly publicly caches autocomplete search results from private wikis.

(T271037, CVE-2021-44856) Title blocked in AbuseFilter can be created via Special:ChangeContentModel.

(T297322, CVE-2021-44857) Unauthorized users can use action=mcrundo to replace the content of arbitrary pages.

(T297322, CVE-2021-44858) Unauthorized users can view contents of private wikis using various actions.

(T297574, CVE-2021-45038) Unauthorized users can access private wiki contents using rollback action

(T293589, CVE-2021-44855) Blind Stored XSS in VisualEditor media dialog.

(T294686) Special:Nuke doesn't actually delete pages.


Discovery 2021-12-01
Entry 2021-12-21
mediawiki135 < 1.35.5
mediawiki136 < 1.36.3
mediawiki137 < 1.37.1

CVE-2021-44854
CVE-2021-44856
CVE-2021-44857
CVE-2021-44858
CVE-2021-45038
CVE-2021-44855
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/

466ba8bd-d033-11ed-addf-080027eda32c  mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T285159, CVE-2023-PENDING) SECURITY: X-Forwarded-For header allows brute-forcing autoblocked IP addresses.

(T326946, CVE-2020-36649) SECURITY: Bundled PapaParse copy in VisualEditor has known ReDos.

(T330086, CVE-2023-PENDING) SECURITY: OATHAuth allows replay attacks when MediaWiki is configured without ObjectCache; Insecure Default Configuration.


Discovery 2020-04-02
Entry 2023-04-01
mediawiki135 < 1.35.10
mediawiki138 < 1.38.6
mediawiki139 < 1.39.3

CVE-2020-36649
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/

5ab54ea0-fa94-11ec-996c-080027b24e86  mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T308471) Username is not escaped in the "welcomeuser" message.

(T308473) Username not escaped in the contributions-title message.

(T309377, CVE-2022-29248) Update "guzzlehttp/guzzle" to version 6.5.6.

(T311384, CVE-2022-27776) Update "guzzlehttp/guzzle" to 6.5.8/7.4.5.


Discovery 2022-05-16
Entry 2022-07-03
mediawiki135 < 1.35.7
mediawiki137 < 1.37.3
mediawiki138 < 1.38.2

CVE-2022-29248
CVE-2022-27776
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/

67057b48-41f4-11ed-86c3-080027881239  mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions.

(T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence of hidden users.

(T307278, CVE-2022-41766) SECURITY: On action=rollback the message "alreadyrolled" can leak revision deleted user name.


Discovery 2022-09-29
Entry 2022-10-02
mediawiki135 < 1.35.8
mediawiki137 < 1.37.6
mediawiki138 < 1.38.4

CVE-2022-41765
CVE-2022-41766
CVE-2022-41767
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/

79ea6066-b40e-11ec-8b93-080027b24e86  mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T297543, CVE-2022-28202) Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete.

(T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki.

(T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file uploads with actor as a condition can result in a DoS.

(T297754, CVE-2022-28204) Special:WhatLinksHere can result in a DoS when a page is used on an extremely large number of other pages.


Discovery 2021-12-12
Entry 2022-04-04
mediawiki135 < 1.35.6
mediawiki136 < 1.36.4
mediawiki137 < 1.37.2

CVE-2022-28201
CVE-2022-28202
CVE-2022-28203
CVE-2022-28204
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/

95dad123-180e-11ee-86ba-080027eda32c  mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T335203, CVE-2023-29197) Upgrade guzzlehttp/psr7 to >= 1.9.1/2.4.5.

(T335612, CVE-2023-36674) Manualthumb bypasses badFile lookup.

(T332889, CVE-2023-36675) XSS in BlockLogFormatter due to unsafe message use.


Discovery 2023-04-21
Entry 2023-07-01
mediawiki135 < 1.35.11
mediawiki138 < 1.38.7
mediawiki139 < 1.39.4

CVE-2023-29197
CVE-2023-36674
CVE-2023-36675
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/HVT3U3XYY35PSCIQPHMY4VQNF3Q6MHUO/

d379aa14-8729-11ed-b988-080027d3a315  mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T322637, CVE-2022-PENDING) SECURITY: Make sqlite DB files not world readable.


Discovery 2022-12-01
Entry 2022-12-29
mediawiki135 < 1.35.9
mediawiki138 < 1.38.5
mediawiki139 < 1.39.1

https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/

e59fed96-60da-11ee-9102-000c29de725b  mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T264765, CVE-2023-PENDING) SECURITY: Users without correct permission are incorrectly shown MediaWiki:Missing-revision-permission.

(T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for self-redirects with variants conversion.

(T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped messages leading to potential XSS.

(T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page message is assumed to yield a valid title.

(T340221, CVE-2023-PENDING) SECURITY: XSS via 'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.

(T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser ("X intermediate revisions by the same user not shown") ignores username suppression.

(T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML file to Special:Upload (non-standard configuration).


Discovery 2023-09-01
Entry 2023-10-02
mediawiki135 < 1.35.13
mediawiki139 < 1.39.5
mediawiki140 < 1.40.1

CVE-2023-3550
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/BRWOWACCHMYRIS7JRTT6XD44X3362MVL/

f84ab297-2285-11ec-9e79-08002789875b  mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.

(T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full table scan.

(T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of Special:Contributions.

(T279090, CVE-2021-41801) SECURITY: ReplaceText continues performing actions if the user no longer has the correct permission (such as by being blocked).


Discovery 2021-06-24
Entry 2021-10-01
mediawiki131 < 1.31.16
mediawiki135 < 1.35.4
mediawiki136 < 1.36.2

CVE-2021-41798
CVE-2021-41799
CVE-2021-41800
CVE-2021-41801
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/