FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3c5a4fe0-9ebb-11e9-9169-fcaa147e860e	mediawiki -- multiple vulnerabilities Mediawiki reports: Security fixes: T197279, CVE-2019-12468: Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover. T204729, CVE-2019-12473: Passing invalid titles to the API could cause a DoS by querying the entire `watchlist` table. T207603, CVE-2019-12471: Loading user JavaScript from a non-existent account allows anyone to create the account, and XSS the users' loading that script. T208881: blacklist CSS var(). T199540, CVE-2019-12472: It is possible to bypass the limits on IP range blocks (`$wgBlockCIDRLimit`) by using the API. T212118, CVE-2019-12474: Privileged API responses that include whether a recent change has been patrolled may be cached publicly. T209794, CVE-2019-12467: A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. T25227, CVE-2019-12466: An account can be logged out without using a token(CRRF) T222036, CVE-2019-12469: Exposed suppressed username or log in Special:EditTags. T222038, CVE-2019-12470: Exposed suppressed log in RevisionDelete page. T221739, CVE-2019-11358: Fix potential XSS in jQuery. Discovery 2019-04-23 Entry 2019-07-05 mediawiki131 < 1.31.3 mediawiki132 < 1.32.3 CVE-2019-11358 CVE-2019-12466 CVE-2019-12467 CVE-2019-12468 CVE-2019-12469 CVE-2019-12470 CVE-2019-12471 CVE-2019-12472 CVE-2019-12473 CVE-2019-12474 https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000230.html
c32285fe-fde4-11e9-9525-000c29c4dc65	mediawiki -- multiple vulnerabilities Mediawiki reports: Security fixes: T230402, CVE-2019-16738 SECURITY: Add permission check for suppressed account to Special:Redirect. Discovery 2019-08-13 Entry 2019-11-03 mediawiki131 < 1.31.5 mediawiki132 < 1.32.5 mediawiki133 < 1.33.1 CVE-2019-16738 https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000236.html

VuXML ID

Description

3c5a4fe0-9ebb-11e9-9169-fcaa147e860e

mediawiki -- multiple vulnerabilities

Mediawiki reports:

Security fixes: T197279, CVE-2019-12468: Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover. T204729, CVE-2019-12473: Passing invalid titles to the API could cause a DoS by querying the entire `watchlist` table. T207603, CVE-2019-12471: Loading user JavaScript from a non-existent account allows anyone to create the account, and XSS the users' loading that script. T208881: blacklist CSS var(). T199540, CVE-2019-12472: It is possible to bypass the limits on IP range blocks (`$wgBlockCIDRLimit`) by using the API. T212118, CVE-2019-12474: Privileged API responses that include whether a recent change has been patrolled may be cached publicly. T209794, CVE-2019-12467: A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. T25227, CVE-2019-12466: An account can be logged out without using a token(CRRF) T222036, CVE-2019-12469: Exposed suppressed username or log in Special:EditTags. T222038, CVE-2019-12470: Exposed suppressed log in RevisionDelete page. T221739, CVE-2019-11358: Fix potential XSS in jQuery.

Discovery 2019-04-23
Entry 2019-07-05
mediawiki131

< 1.31.3

mediawiki132

< 1.32.3

CVE-2019-11358
CVE-2019-12466
CVE-2019-12467
CVE-2019-12468
CVE-2019-12469
CVE-2019-12470
CVE-2019-12471
CVE-2019-12472
CVE-2019-12473
CVE-2019-12474
https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000230.html

c32285fe-fde4-11e9-9525-000c29c4dc65

mediawiki -- multiple vulnerabilities

Mediawiki reports:

Security fixes: T230402, CVE-2019-16738 SECURITY: Add permission check for suppressed account to Special:Redirect.

Discovery 2019-08-13
Entry 2019-11-03
mediawiki131

< 1.31.5

mediawiki132

< 1.32.5

mediawiki133

< 1.33.1

CVE-2019-16738
https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000236.html