FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
0a50bb48-625f-11ec-a1fb-080027cb2f6f | mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T292763, CVE-2021-44854) REST API incorrectly publicly caches autocomplete search results from private wikis.

(T271037, CVE-2021-44856) Title blocked in AbuseFilter can be created via Special:ChangeContentModel.

(T297322, CVE-2021-44857) Unauthorized users can use action=mcrundo to replace the content of arbitrary pages.

(T297322, CVE-2021-44858) Unauthorized users can view contents of private wikis using various actions.

(T297574, CVE-2021-45038) Unauthorized users can access private wiki contents using rollback action.

(T293589, CVE-2021-44855) Blind Stored XSS in VisualEditor media dialog.

(T294686) Special:Nuke doesn't actually delete pages.


Discovery 2021-12-01
Entry 2021-12-21
mediawiki135 < 1.35.5
mediawiki136 < 1.36.3
mediawiki137 < 1.37.1

CVE-2021-44854
CVE-2021-44856
CVE-2021-44857
CVE-2021-44858
CVE-2021-45038
CVE-2021-44855
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
5ab54ea0-fa94-11ec-996c-080027b24e86 | mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T308471) Username is not escaped in the "welcomeuser" message.

(T308473) Username not escaped in the contributions-title message.

(T309377, CVE-2022-29248) Update "guzzlehttp/guzzle" to version 6.5.6.

(T311384, CVE-2022-27776) Update "guzzlehttp/guzzle" to 6.5.8/7.4.5.


Discovery 2022-05-16
Entry 2022-07-03
mediawiki135 < 1.35.7
mediawiki137 < 1.37.3
mediawiki138 < 1.38.2

CVE-2022-29248
CVE-2022-27776
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
79ea6066-b40e-11ec-8b93-080027b24e86 | mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T297543, CVE-2022-28202) Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete.

(T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite recursion loop if it points to a local interwiki.

(T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many file uploads with actor as a condition can result in a DoS.

(T297754, CVE-2022-28204) Special:WhatLinksHere can result in a DoS when a page is used on an extremely large number of other pages.


Discovery 2021-12-12
Entry 2022-04-04
mediawiki135 < 1.35.6
mediawiki136 < 1.36.4
mediawiki137 < 1.37.2

CVE-2022-28201
CVE-2022-28202
CVE-2022-28203
CVE-2022-28204
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/
f84ab297-2285-11ec-9e79-08002789875b | mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.

(T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full table scan.

(T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of Special:Contributions.

(T279090, CVE-2021-41801) SECURITY: ReplaceText continues performing actions if the user no longer has the correct permission (such as by being blocked).


Discovery 2021-06-24
Entry 2021-10-01
mediawiki131 < 1.31.16
mediawiki135 < 1.35.4
mediawiki136 < 1.36.2

CVE-2021-41798
CVE-2021-41799
CVE-2021-41800
CVE-2021-41801
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/