FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  523993
Date:      2020-01-24
Time:      22:20:00Z
Committer: kai

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0e0385d1-9ed5-11e5-8f5c-002590263bf5redmine -- multiple vulnerabilities

Redmine reports:

Mass-assignment vulnerability that would allow an attacker to bypass part of the security checks.

Persistent XSS vulnerability

Discovery 2012-03-11
Entry 2015-12-10
lt 1.3.2

21bc4d71-9ed8-11e5-8f5c-002590263bf5redmine -- information leak vulnerability

Redmine reports:

Data disclosure in atom feed.

Discovery 2015-12-05
Entry 2015-12-10
Modified 2015-12-11
lt 2.6.9

ge 3.0.0 lt 3.0.7

ge 3.1.0 lt 3.1.3

3ec2e0bc-9ed7-11e5-8f5c-002590263bf5redmine -- open redirect vulnerability

Redmine reports:

Open Redirect vulnerability.

Discovery 2015-09-20
Entry 2015-12-10
ge 2.5.1 lt 2.6.7

ge 3.0.0 lt 3.0.5

eq 3.1.0

49def4b7-9ed6-11e5-8f5c-002590263bf5redmine -- information leak vulnerability

Redmine reports:

Potential data leak (project names) in the invalid form authenticity token error screen.

Discovery 2014-07-06
Entry 2015-12-10
lt 2.4.6

ge 2.5.0 lt 2.5.2
584c506d-0e98-11e0-b59b-0050569b2d21redmine -- multiple vulnerabilities

Jean-Philippe Lang reports:

This release also fixes 3 security issues reported by joernchen of Phenoelit:

  • logged in users may be able to access private data (affected versions: 1.0.x)
  • persistent XSS vulnerability in textile formatter (affected versions: all previous releases)
  • remote command execution in bazaar repository adapter (affected versions: 0.9.x, 1.0.x)

Discovery 2010-12-23
Entry 2010-12-23
lt 1.0.5
66ba5931-9ed5-11e5-8f5c-002590263bf5redmine -- XSS vulnerability

Redmine reports:

XSS vulnerability

Discovery 2012-09-30
Entry 2015-12-10
ge 2.1.0 lt 2.1.2
939a7086-9ed6-11e5-8f5c-002590263bf5redmine -- potential XSS vulnerability

Redmine reports:

Potential XSS vulnerability when rendering some flash messages.

Discovery 2015-02-19
Entry 2015-12-10
lt 2.6.2

ae377aeb-9ed4-11e5-8f5c-002590263bf5redmine -- CSRF protection bypass

Redmine reports:

Vulnerability that would allow an attacker to bypass the CSRF protection.

Discovery 2011-12-10
Entry 2015-12-10
lt 1.3.0
ba61ce15-8a7b-11df-87ec-0050569b2d21redmine -- multiple vulnerabilities

Eric Davis reports:

This security release addresses some security vulnerabilities found in the advanced subversion integration module ( perl script).

Discovery 2010-07-08
Entry 2010-07-10
lt 0.9.6
be63533c-9ed7-11e5-8f5c-002590263bf5redmine -- multiple vulnerabilities

Redmine reports:

Potential changeset message disclosure in issues API.

Data disclosure on the time logging form

Discovery 2015-11-14
Entry 2015-12-10
lt 2.6.8

ge 3.0.0 lt 3.0.6

ge 3.1.0 lt 3.1.2

c2efcd46-9ed5-11e5-8f5c-002590263bf5redmine -- open redirect vulnerability

Redmine reports:

Open Redirect vulnerability

Discovery 2014-03-29
Entry 2015-12-10
lt 2.4.5

eq 2.5.0

cf96cd8d-48fb-11e0-98a6-0050569b2d21redmine -- XSS vulnerability

Jean-Philippe Lang reports:

This maintenance release for 1.1.x users includes 13 bug fixes since 1.1.1 and a security fix (XSS vulnerability affecting all Redmine versions from 1.0.1 to 1.1.1).

Discovery 2011-03-07
Entry 2011-03-07
gt 1.0 lt 1.1.2
fcc39d22-5777-11df-bf33-001a92771ec2redmine -- multiple vulnerabilities

The Redmine release announcement reports that several cross side scripting vulnerabilities and a potential data disclosure vulnerability have been fixed in the latest release.

Discovery 2010-05-01
Entry 2010-05-14
lt 0.9.4