FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
dc2d76df-a595-11e4-9363-20cf30e32f6d	Bugzilla multiple security issues Bugzilla Security Advisory Command Injection Some code in Bugzilla does not properly utilize 3 arguments form for open() and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes. Information Leak Using the WebServices API, a user can possibly execute imported functions from other non-WebService modules. A whitelist has now been added that lists explicit methods that can be executed via the API. Discovery 2015-01-21 Entry 2015-01-26 bugzilla44 < 4.4.7 CVE-2014-8630 https://bugzilla.mozilla.org/show_bug.cgi?id=1079065 https://bugzilla.mozilla.org/show_bug.cgi?id=1090275

VuXML ID

Description

dc2d76df-a595-11e4-9363-20cf30e32f6d

Bugzilla multiple security issues

Bugzilla Security Advisory

Command Injection

Some code in Bugzilla does not properly utilize 3 arguments form for open() and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes.

Information Leak

Using the WebServices API, a user can possibly execute imported functions from other non-WebService modules. A whitelist has now been added that lists explicit methods that can be executed via the API.

Discovery 2015-01-21
Entry 2015-01-26
bugzilla44

< 4.4.7

CVE-2014-8630
https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
https://bugzilla.mozilla.org/show_bug.cgi?id=1090275