FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  523993
Date:      2020-01-24
Time:      22:20:00Z
Committer: kai

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0e0385d1-9ed5-11e5-8f5c-002590263bf5redmine -- multiple vulnerabilities

Redmine reports:

Mass-assignment vulnerability that would allow an attacker to bypass part of the security checks.

Persistent XSS vulnerability


Discovery 2012-03-11
Entry 2015-12-10
redmine
lt 1.3.2

CVE-2012-0327
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
http://jvn.jp/en/jp/JVN93406632/
21bc4d71-9ed8-11e5-8f5c-002590263bf5redmine -- information leak vulnerability

Redmine reports:

Data disclosure in atom feed.


Discovery 2015-12-05
Entry 2015-12-10
Modified 2015-12-11
redmine
lt 2.6.9

ge 3.0.0 lt 3.0.7

ge 3.1.0 lt 3.1.3

CVE-2015-8537
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
3ec2e0bc-9ed7-11e5-8f5c-002590263bf5redmine -- open redirect vulnerability

Redmine reports:

Open Redirect vulnerability.


Discovery 2015-09-20
Entry 2015-12-10
redmine
ge 2.5.1 lt 2.6.7

ge 3.0.0 lt 3.0.5

eq 3.1.0

CVE-2015-8474
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
http://www.openwall.com/lists/oss-security/2015/12/04/1
49def4b7-9ed6-11e5-8f5c-002590263bf5redmine -- information leak vulnerability

Redmine reports:

Potential data leak (project names) in the invalid form authenticity token error screen.


Discovery 2014-07-06
Entry 2015-12-10
redmine
lt 2.4.6

ge 2.5.0 lt 2.5.2

http://www.redmine.org/projects/redmine/wiki/Security_Advisories
584c506d-0e98-11e0-b59b-0050569b2d21redmine -- multiple vulnerabilities

Jean-Philippe Lang reports:

This release also fixes 3 security issues reported by joernchen of Phenoelit:

  • logged in users may be able to access private data (affected versions: 1.0.x)
  • persistent XSS vulnerability in textile formatter (affected versions: all previous releases)
  • remote command execution in bazaar repository adapter (affected versions: 0.9.x, 1.0.x)

Discovery 2010-12-23
Entry 2010-12-23
redmine
lt 1.0.5

http://www.redmine.org/news/49
66ba5931-9ed5-11e5-8f5c-002590263bf5redmine -- XSS vulnerability

Redmine reports:

XSS vulnerability


Discovery 2012-09-30
Entry 2015-12-10
redmine
ge 2.1.0 lt 2.1.2

http://www.redmine.org/projects/redmine/wiki/Security_Advisories
939a7086-9ed6-11e5-8f5c-002590263bf5redmine -- potential XSS vulnerability

Redmine reports:

Potential XSS vulnerability when rendering some flash messages.


Discovery 2015-02-19
Entry 2015-12-10
redmine
lt 2.6.2

CVE-2015-8477
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
http://www.openwall.com/lists/oss-security/2015/12/05/6
ae377aeb-9ed4-11e5-8f5c-002590263bf5redmine -- CSRF protection bypass

Redmine reports:

Vulnerability that would allow an attacker to bypass the CSRF protection.


Discovery 2011-12-10
Entry 2015-12-10
redmine
lt 1.3.0

http://www.redmine.org/projects/redmine/wiki/Security_Advisories
ba61ce15-8a7b-11df-87ec-0050569b2d21redmine -- multiple vulnerabilities

Eric Davis reports:

This security release addresses some security vulnerabilities found in the advanced subversion integration module (Redmine.pm perl script).


Discovery 2010-07-08
Entry 2010-07-10
redmine
lt 0.9.6

http://www.redmine.org/news/41
be63533c-9ed7-11e5-8f5c-002590263bf5redmine -- multiple vulnerabilities

Redmine reports:

Potential changeset message disclosure in issues API.

Data disclosure on the time logging form


Discovery 2015-11-14
Entry 2015-12-10
redmine
lt 2.6.8

ge 3.0.0 lt 3.0.6

ge 3.1.0 lt 3.1.2

CVE-2015-8346
CVE-2015-8473
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
http://www.openwall.com/lists/oss-security/2015/11/25/12
http://www.openwall.com/lists/oss-security/2015/12/03/7
c2efcd46-9ed5-11e5-8f5c-002590263bf5redmine -- open redirect vulnerability

Redmine reports:

Open Redirect vulnerability


Discovery 2014-03-29
Entry 2015-12-10
redmine
lt 2.4.5

eq 2.5.0

CVE-2014-1985
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://jvn.jp/en/jp/JVN93004610/index.html
cf96cd8d-48fb-11e0-98a6-0050569b2d21redmine -- XSS vulnerability

Jean-Philippe Lang reports:

This maintenance release for 1.1.x users includes 13 bug fixes since 1.1.1 and a security fix (XSS vulnerability affecting all Redmine versions from 1.0.1 to 1.1.1).


Discovery 2011-03-07
Entry 2011-03-07
redmine
gt 1.0 lt 1.1.2

http://www.redmine.org/news/53
fcc39d22-5777-11df-bf33-001a92771ec2redmine -- multiple vulnerabilities

The Redmine release announcement reports that several cross side scripting vulnerabilities and a potential data disclosure vulnerability have been fixed in the latest release.


Discovery 2010-05-01
Entry 2010-05-14
redmine
lt 0.9.4

http://www.redmine.org/news/39