FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  537620
Date:      2020-06-03
Time:      16:46:05Z
Committer: sunpoet

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0297b260-2b3b-11e6-ae88-002590263bf5ikiwiki -- XSS vulnerability

Mitre reports:

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.


Discovery 2016-05-04
Entry 2016-06-05
ikiwiki
lt 3.20160509

CVE-2016-4561
ports/209593
5ed094a0-0150-11e7-ae1b-002590263bf5ikiwiki -- multiple vulnerabilities

Mitre reports:

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.

When CGI::FormBuilder->field("foo") is called in list context (and in particular in the arguments to a subroutine that takes named arguments), it can return zero or more values for foo from the CGI request, rather than the expected single value. This breaks the usual Perl parsing convention for named arguments, similar to CVE-2014-1572 in Bugzilla (which was caused by a similar API design issue in CGI.pm).


Discovery 2016-12-19
Entry 2017-03-05
ikiwiki
lt 3.20161229

CVE-2016-10026
CVE-2016-9645
CVE-2016-9646
https://ikiwiki.info/security/#index46h2
https://ikiwiki.info/security/#index47h2
6e8f54af-a07d-11de-a649-000c2955660fikiwiki -- insufficient blacklisting in teximg plugin

The IkiWiki development team reports:

IkiWikis teximg plugin's blacklisting of insecure TeX commands is insufficient; it can be bypassed and used to read arbitrary files.


Discovery 2009-08-28
Entry 2009-09-13
ikiwiki
lt 3.1415926

CVE-2009-2944
http://ikiwiki.info/security/#index35h2
3145faf1-974c-11e0-869e-000c29249b2eikiwiki -- tty hijacking via ikiwiki-mass-rebuild

The IkiWiki development team reports:

Ludwig Nussel discovered a way for users to hijack root's tty when ikiwiki-mass-rebuild was run. Additionally, there was some potential for information disclosure via symlinks.


Discovery 2011-06-08
Entry 2011-06-15
ikiwiki
lt 3.20110608

CVE-2011-1408
http://ikiwiki.info/security/#index40h2
6e8f54af-a07d-11de-a649-000c2955660fikiwiki -- insufficient blacklisting in teximg plugin

The IkiWiki development team reports:

IkiWikis teximg plugin's blacklisting of insecure TeX commands is insufficient; it can be bypassed and used to read arbitrary files.


Discovery 2009-08-28
Entry 2009-09-13
ikiwiki
lt 3.1415926

CVE-2009-2944
http://ikiwiki.info/security/#index35h2
3145faf1-974c-11e0-869e-000c29249b2eikiwiki -- tty hijacking via ikiwiki-mass-rebuild

The IkiWiki development team reports:

Ludwig Nussel discovered a way for users to hijack root's tty when ikiwiki-mass-rebuild was run. Additionally, there was some potential for information disclosure via symlinks.


Discovery 2011-06-08
Entry 2011-06-15
ikiwiki
lt 3.20110608

CVE-2011-1408
http://ikiwiki.info/security/#index40h2
7b35a77a-0151-11e7-ae1b-002590263bf5ikiwiki -- authentication bypass vulnerability

ikiwiki reports:

The ikiwiki maintainers discovered further flaws similar to CVE-2016-9646 in the passwordauth plugin's use of CGI::FormBuilder, with a more serious impact:

An attacker who can log in to a site with a password can log in as a different and potentially more privileged user.

An attacker who can create a new account can set arbitrary fields in the user database for that account


Discovery 2017-01-11
Entry 2017-03-05
ikiwiki
lt 3.20170111

CVE-2017-0356
https://ikiwiki.info/security/#index48h2