FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
19259833-26b1-11eb-a239-1c697a013f4b  mantis -- multiple vulnerabilities

Mantis 2.24.3 release reports:

This release fixes 3 security issues:

  • 0027039: CVE-2020-25781: Access to private bug note attachments
  • 0027275: CVE-2020-25288: HTML Injection on bug_update_page.php
  • 0027304: CVE-2020-25830: HTML Injection in bug_actiongroup_page.php

Discovery 2020-09-13
Entry 2020-11-14
Modified 2020-11-15
mantis-php72
mantis-php73
mantis-php74
mantis-php80
< 2.24.3,1

ports/251141
CVE-2020-25781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25781
CVE-2020-25288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25288
CVE-2020-25830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25830
9b1699ff-d84c-11eb-92d6-1b6ff3dfe4d3  mantis -- multiple vulnerabilities

Mantis 2.25.1 and 2.25.2 releases report:

Security and maintenance release, PHPMailer update to 6.5.0

  • 0028552: XSS in manage_custom_field_edit_page.php (CVE-2021-33557)
  • 0028821: Update PHPMailer to 6.5.0 (CVE-2021-3603, CVE-2020-36326)

Discovery 2021-04-28
Entry 2021-07-09
mantis-php73
mantis-php74
mantis-php80
< 2.25.2,1

CVE-2021-33557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33557
CVE-2021-3603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3603
CVE-2020-36326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-36326
2dc8927b-54e0-11eb-9342-1c697a013f4b  mantis -- multiple vulnerabilities

Mantis 2.24.4 release reports:

Security and maintenance release, addressing 6 CVEs:

  • 0027726: CVE-2020-29603: disclosure of private project name
  • 0027727: CVE-2020-29605: disclosure of private issue summary
  • 0027728: CVE-2020-29604: full disclosure of private issue contents, including bugnotes and attachments
  • 0027361: Private category can be accessed/used by a non member of a private project (IDOR)
  • 0027779: CVE-2020-35571: XSS in helper_ensure_confirmed() calls
  • 0026794: User Account - Takeover
  • 0027363: Fixed in version can be changed to a version that doesn't exist
  • 0027350: When updating an issue, a Viewer user can be set as Reporter
  • 0027370: CVE-2020-35849: Revisions allow viewing private bugnotes id and summary
  • 0027495: CVE-2020-28413: SQL injection in the parameter "access" on the mc_project_get_users function through the API SOAP.
  • 0027444: Printing unsanitized user input in install.php

Discovery 2020-11-10
Entry 2021-03-10
mantis-php72
mantis-php73
mantis-php74
mantis-php80
< 2.24.4,1

CVE-2020-28413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28413
CVE-2020-35849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35849
81fcc2f9-e15a-11e9-abbf-800dd28b22bd  mantis -- multiple vulnerabilities

The Mantis developers report:

CVE-2019-15715: [Admin Required - Post Authentication] Command Execution / Injection Vulnerability

CVE-2019-8331: In Bootstrap before 3.4.1, XSS is possible in the tooltip or popover data-template attribute

Missing integrity hashes for CSS resources from CDNs


Discovery 2019-08-28
Entry 2019-09-27
mantis-php71
mantis-php72
mantis-php73
mantis-php74
< 2.22.1,1

https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.22.1
CVE-2019-15715
CVE-2019-8331