FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2eec1e85-faf3-11ea-8ac0-4437e6ad11c4	tt-rss -- multiple vulnerabilities tt-rss project reports: The cached_url feature mishandles JavaScript inside an SVG document. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message. It does not validate all URLs before requesting them. Allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. Discovery 2020-09-15 Entry 2020-09-20 tt-rss lt g20200919 https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799 https://community.tt-rss.org/t/replace-php-gettext/2889 CVE-2020-25789 CVE-2020-25788 CVE-2020-25787 CVE-2016-6175

VuXML ID

Description

2eec1e85-faf3-11ea-8ac0-4437e6ad11c4

tt-rss -- multiple vulnerabilities

tt-rss project reports:

The cached_url feature mishandles JavaScript inside an SVG document.

imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.

It does not validate all URLs before requesting them.

Allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.

Discovery 2020-09-15
Entry 2020-09-20
tt-rss

lt g20200919

https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
https://community.tt-rss.org/t/replace-php-gettext/2889
CVE-2020-25789
CVE-2020-25788
CVE-2020-25787
CVE-2016-6175