FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  519163
Date:      2019-12-06
Time:      20:22:53Z
Committer: joneum

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
f0806cad-c7f1-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20160801] - Core - ACL Violation

Inadequate ACL checks in com_content provide potential read access to data which should be access restricted to users with edit_own level.

[20160802] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in mail component.

[20160803] - Core - CSRF

Add additional CSRF hardening in com_joomlaupdate.


Discovery 2016-08-03
Entry 2016-12-22
joomla3
ge 1.6.0 lt 3.6.1

https://developer.joomla.org/security-centre/652-20160801-core-core-acl-violations.html
https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerability.html
https://developer.joomla.org/security-centre/654-20160803-core-csrf.html
https://www.joomla.org/announcements/release-news/5665-joomla-3-6-1-released.html
bf2b9c56-b93e-11e8-b2a8-a4badb296695  joomla3 -- vulnerabilities

JSST reports: Multiple low-priority Vulnerabilities

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.

Inadequate output filtering on the user profile page could lead to a stored XSS attack.

Inadequate checks regarding disabled fields can lead to an ACL violation.


Discovery 2018-08-23
Entry 2018-09-15
joomla3
lt 3.8.12

CVE-2018-15860
CVE-2018-15881
CVE-2018-15882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15882
https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html
https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html
https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html
6aa398d0-1c4d-11e9-96dd-a4badb296695  joomla3 -- vulnerabilities

JSST reports:

Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

Inadequate escaping in com_contact leads to a stored XSS vulnerability.

Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.


Discovery 2018-12-01
Entry 2019-01-20
joomla3
lt 3.9.2

https://developer.joomla.org/security-centre/760-00190101-core-stored-xss-in-mod-banners.html
CVE-2019-6264
https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact.html
CVE-2019-6261
https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings.html
CVE-2019-6263
https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-issue-in-the-global-configuration-help-url.html
CVE-2019-6262
624b45c0-c7f3-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20161201] - Core - Elevated Privileges

Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

[20161202] - Core - Shell Upload

Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.

[20161203] - Core - Information Disclosure

Inadequate ACL checks in the Beez3 com_content article layout override enables a user to view restricted content.


Discovery 2016-12-06
Entry 2016-12-22
joomla3
ge 1.6.0 lt 3.6.5

CVE-2016-9836
CVE-2016-9837
CVE-2016-9838
https://developer.joomla.org/security-centre/664-20161201-core-elevated-privileges.html
https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html
https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html
https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html
a27d234a-c7f2-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20161001] - Core - Account Creation

Inadequate checks allow for users to register on a site when registration has been disabled.

[20161002] - Core - Elevated Privilege

Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.

[20161003] - Core - Account Modifications

Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.


Discovery 2016-10-25
Entry 2016-12-22
joomla3
ge 3.4.4 lt 3.6.4

CVE-2016-8869
CVE-2016-8870
CVE-2016-9081
https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html
https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html
https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
c0ef061a-c7f0-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20151206] - Core - Session Hardening

The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). This fixes the bug across all supported PHP versions.

[20151207] - Core - SQL Injection

Inadequate filtering of request data leads to a SQL Injection vulnerability.


Discovery 2015-12-21
Entry 2016-12-22
joomla3
ge 1.5.0 lt 3.4.7

https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html
https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html
https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html