FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  512243
Date:      2019-09-17
Time:      22:50:11Z
Committer: leres

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

8fc615cc-8a66-11e8-8c75-d8cb8abf62dd    Gitlab -- Remote Code Execution Vulnerability in GitLab Projects Import

Gitlab reports:

Remote Code Execution Vulnerability in GitLab Projects Import


Discovery 2018-07-17
Entry 2018-07-18
gitlab-ce
gitlab
ge 11.0.0 lt 11.0.4

ge 10.8.0 lt 10.8.6

ge 8.9.0 lt 10.7.7

CVE-2018-14364
https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/

9dfe61c8-4d15-11e8-8f2f-d8cb8abf62dd    Gitlab -- multiple vulnerabilities

GitLab reports:

Persistent XSS in Move Issue using project namespace

Download Archive allowing unauthorized private repo access

Mattermost Updates


Discovery 2018-04-30
Entry 2018-05-01
gitlab
ge 10.7.0 lt 10.7.2

ge 10.6.0 lt 10.6.5

ge 9.5.0 lt 10.5.8

CVE-2018-10379
https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released

9557dc72-64da-11e8-bc32-d8cb8abf62dd    Gitlab -- multiple vulnerabilities

GitLab reports:

Removing public deploy keys regression

Users can update their password without entering current password

Persistent XSS - Selecting users as allowed merge request approvers

Persistent XSS - Multiple locations of user selection drop downs

include directive in .gitlab-ci.yml allows SSRF requests

Permissions issue in Merge Requests Create Service

Arbitrary assignment of project fields using "Import project"


Discovery 2018-05-29
Entry 2018-05-31
gitlab
ge 10.8.0 lt 10.8.2

ge 10.7.0 lt 10.7.5

ge 1.0 lt 10.6.6

https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/

b950a83b-789e-11e8-8545-d8cb8abf62dd    Gitlab -- multiple vulnerabilities

Gitlab reports:

Wiki XSS

Sanitize gem updates

XSS in url_for(params)

Content injection via username

Activity feed publicly displaying internal project names

Persistent XSS in charts


Discovery 2018-06-25
Entry 2018-06-25
gitlab
ge 11.0.0 lt 11.0.1

ge 10.8.0 lt 10.8.5

ge 4.1 lt 10.7.6

CVE-2018-12606
CVE-2018-3740
CVE-2018-12605
CVE-2018-12607
https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/