This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
bd7592a1-cbfd-11ee-a42a-5404a6f3ca32 | gitea -- Prevent anonymous container accessProblem Description:Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images. Discovery 2024-01-24 Entry 2024-02-15 gitea < 1.21.5 https://blog.gitea.com/release-of-1.21.5/ |
482bb980-99a3-11ee-b5f7-6bd56600d90c | gitea -- missing permission checks The Gitea team reports:
By crafting an API request, attackers can access the contents of issues even though the logged-in user does not have access rights to these issues. Discovery 2023-08-30 Entry 2023-09-10 gitea < 1.21.2 https://github.com/go-gitea/gitea/releases/tag/v1.21.2 |
b2765c89-a052-11ee-bed2-596753f1a87c | gitea -- Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin The Gitea team reports:
Discovery 2023-12-19 Entry 2023-12-21 gitea < 1.21.3 https://github.com/go-gitea/gitea/releases/tag/v1.21.3 |
5ecfb588-d2f4-11ee-ad82-dbdfaa8acfc2 | gitea -- Fix XSS vulnerabilitiesProblem Description:
Discovery 2024-02-23 Entry 2024-02-24 gitea < 1.21.6 https://blog.gitea.com/release-of-1.21.6/ |