FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
22283b8c-13c5-11e8-a861-20cf30e32f6d	Bugzilla security issues Bugzilla Security Advisory A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to. Discovery 2018-02-16 Entry 2018-02-16 bugzilla44 < 4.4.13 bugzilla50 < 5.0.4 CVE-2018-5123 https://bugzilla.mozilla.org/show_bug.cgi?id=1433400
b6587341-4d88-11e4-aef9-20cf30e32f6d	Bugzilla multiple security issues Bugzilla Security Advisory Unauthorized Account Creation An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name could be automatically added to groups based on the group's regular expression setting. Cross-Site Scripting During an audit of the Bugzilla code base, several places were found where cross-site scripting exploits could occur which could allow an attacker to access sensitive information. Information Leak If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group. Social Engineering Search results can be exported as a CSV file which can then be imported into external spreadsheet programs. Specially formatted field values can be interpreted as formulas which can be executed and used to attack a user's computer. Discovery 2014-10-06 Entry 2014-10-06 bugzilla44 < 4.4.6 CVE-2014-1572 CVE-2014-1573 CVE-2014-1571 https://bugzilla.mozilla.org/show_bug.cgi?id=1074812 https://bugzilla.mozilla.org/show_bug.cgi?id=1075578 https://bugzilla.mozilla.org/show_bug.cgi?id=1064140 https://bugzilla.mozilla.org/show_bug.cgi?id=1054702
54075861-a95a-11e5-8b40-20cf30e32f6d	Bugzilla security issues Bugzilla Security Advisory During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap function generates. This could be used for a cross-site scripting attack. If an external HTML page contains a

VuXML ID

Description

22283b8c-13c5-11e8-a861-20cf30e32f6d

Bugzilla security issues

Bugzilla Security Advisory

A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to.

Discovery 2018-02-16
Entry 2018-02-16
bugzilla44

< 4.4.13

bugzilla50

< 5.0.4

CVE-2018-5123
https://bugzilla.mozilla.org/show_bug.cgi?id=1433400

b6587341-4d88-11e4-aef9-20cf30e32f6d

Bugzilla multiple security issues

Bugzilla Security Advisory

Unauthorized Account Creation

An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name could be automatically added to groups based on the group's regular expression setting.

Cross-Site Scripting

During an audit of the Bugzilla code base, several places were found where cross-site scripting exploits could occur which could allow an attacker to access sensitive information.

Information Leak

If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group.

Social Engineering

Search results can be exported as a CSV file which can then be imported into external spreadsheet programs. Specially formatted field values can be interpreted as formulas which can be executed and used to attack a user's computer.

Discovery 2014-10-06
Entry 2014-10-06
bugzilla44

< 4.4.6

CVE-2014-1572
CVE-2014-1573
CVE-2014-1571
https://bugzilla.mozilla.org/show_bug.cgi?id=1074812
https://bugzilla.mozilla.org/show_bug.cgi?id=1075578
https://bugzilla.mozilla.org/show_bug.cgi?id=1064140
https://bugzilla.mozilla.org/show_bug.cgi?id=1054702

54075861-a95a-11e5-8b40-20cf30e32f6d

Bugzilla security issues

Bugzilla Security Advisory

During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap function generates. This could be used for a cross-site scripting attack.

If an external HTML page contains a