FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  526079
Date:      2020-02-14
Time:      01:16:13Z
Committer: philip

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
12d1b5a6-e39d-11e5-9f77-5453ed2e2b49websvn -- reflected cross-site scripting

Sebastien Delafond reports:

Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks.


Discovery 2016-02-22
Entry 2016-03-06
websvn
lt 2.3.3_1

CVE-2016-2511
https://lists.debian.org/debian-security-announce/2016/msg00060.html
http://seclists.org/fulldisclosure/2016/Feb/99
f69e1f09-e39b-11e5-9f77-5453ed2e2b49websvn -- information disclosure

Thijs Kinkhorst reports:

James Clawson reported:

"Arbitrary files with a known path can be accessed in websvn by committing a symlink to a repository and then downloading the file (using the download link).

An attacker must have write access to the repo, and the download option must have been enabled in the websvn config file."


Discovery 2015-01-18
Entry 2016-03-06
websvn
lt 2.3.3_1

CVE-2013-6892
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6892
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682