FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  517534
Date:      2019-11-13
Time:      23:45:36Z
Committer: sunpoet

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
21bc4d71-9ed8-11e5-8f5c-002590263bf5redmine -- information leak vulnerability

Redmine reports:

Data disclosure in atom feed.


Discovery 2015-12-05
Entry 2015-12-10
Modified 2015-12-11
redmine
lt 2.6.9

ge 3.0.0 lt 3.0.7

ge 3.1.0 lt 3.1.3

CVE-2015-8537
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
be63533c-9ed7-11e5-8f5c-002590263bf5redmine -- multiple vulnerabilities

Redmine reports:

Potential changeset message disclosure in issues API.

Data disclosure on the time logging form


Discovery 2015-11-14
Entry 2015-12-10
redmine
lt 2.6.8

ge 3.0.0 lt 3.0.6

ge 3.1.0 lt 3.1.2

CVE-2015-8346
CVE-2015-8473
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
http://www.openwall.com/lists/oss-security/2015/11/25/12
http://www.openwall.com/lists/oss-security/2015/12/03/7
0e0385d1-9ed5-11e5-8f5c-002590263bf5redmine -- multiple vulnerabilities

Redmine reports:

Mass-assignment vulnerability that would allow an attacker to bypass part of the security checks.

Persistent XSS vulnerability


Discovery 2012-03-11
Entry 2015-12-10
redmine
lt 1.3.2

CVE-2012-0327
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
http://jvn.jp/en/jp/JVN93406632/
584c506d-0e98-11e0-b59b-0050569b2d21redmine -- multiple vulnerabilities

Jean-Philippe Lang reports:

This release also fixes 3 security issues reported by joernchen of Phenoelit:

  • logged in users may be able to access private data (affected versions: 1.0.x)
  • persistent XSS vulnerability in textile formatter (affected versions: all previous releases)
  • remote command execution in bazaar repository adapter (affected versions: 0.9.x, 1.0.x)

Discovery 2010-12-23
Entry 2010-12-23
redmine
lt 1.0.5

http://www.redmine.org/news/49
939a7086-9ed6-11e5-8f5c-002590263bf5redmine -- potential XSS vulnerability

Redmine reports:

Potential XSS vulnerability when rendering some flash messages.


Discovery 2015-02-19
Entry 2015-12-10
redmine
lt 2.6.2

CVE-2015-8477
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
http://www.openwall.com/lists/oss-security/2015/12/05/6
49def4b7-9ed6-11e5-8f5c-002590263bf5redmine -- information leak vulnerability

Redmine reports:

Potential data leak (project names) in the invalid form authenticity token error screen.


Discovery 2014-07-06
Entry 2015-12-10
redmine
lt 2.4.6

ge 2.5.0 lt 2.5.2

http://www.redmine.org/projects/redmine/wiki/Security_Advisories
cf96cd8d-48fb-11e0-98a6-0050569b2d21redmine -- XSS vulnerability

Jean-Philippe Lang reports:

This maintenance release for 1.1.x users includes 13 bug fixes since 1.1.1 and a security fix (XSS vulnerability affecting all Redmine versions from 1.0.1 to 1.1.1).


Discovery 2011-03-07
Entry 2011-03-07
redmine
gt 1.0 lt 1.1.2

http://www.redmine.org/news/53
584c506d-0e98-11e0-b59b-0050569b2d21redmine -- multiple vulnerabilities

Jean-Philippe Lang reports:

This release also fixes 3 security issues reported by joernchen of Phenoelit:

  • logged in users may be able to access private data (affected versions: 1.0.x)
  • persistent XSS vulnerability in textile formatter (affected versions: all previous releases)
  • remote command execution in bazaar repository adapter (affected versions: 0.9.x, 1.0.x)

Discovery 2010-12-23
Entry 2010-12-23
redmine
lt 1.0.5

http://www.redmine.org/news/49
c2efcd46-9ed5-11e5-8f5c-002590263bf5redmine -- open redirect vulnerability

Redmine reports:

Open Redirect vulnerability


Discovery 2014-03-29
Entry 2015-12-10
redmine
lt 2.4.5

eq 2.5.0

CVE-2014-1985
http://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://jvn.jp/en/jp/JVN93004610/index.html
cf96cd8d-48fb-11e0-98a6-0050569b2d21redmine -- XSS vulnerability

Jean-Philippe Lang reports:

This maintenance release for 1.1.x users includes 13 bug fixes since 1.1.1 and a security fix (XSS vulnerability affecting all Redmine versions from 1.0.1 to 1.1.1).


Discovery 2011-03-07
Entry 2011-03-07
redmine
gt 1.0 lt 1.1.2

http://www.redmine.org/news/53
ae377aeb-9ed4-11e5-8f5c-002590263bf5redmine -- CSRF protection bypass

Redmine reports:

Vulnerability that would allow an attacker to bypass the CSRF protection.


Discovery 2011-12-10
Entry 2015-12-10
redmine
lt 1.3.0

http://www.redmine.org/projects/redmine/wiki/Security_Advisories