FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
59a0af97-dbd4-11e5-8fa8-14dae9d210b8drupal -- multiple vulnerabilities

Drupal Security Team reports:

  • File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical)

  • Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical)

  • Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 - Moderately Critical)

  • Form API ignores access restrictions on submit buttons (Form API - Drupal 6 - Critical)

  • HTTP header injection using line breaks (Base system - Drupal 6 - Moderately Critical)

  • Open redirect via double-encoded 'destination' parameter (Base system - Drupal 6 - Moderately Critical)

  • Reflected file download vulnerability (System module - Drupal 6 and 7 - Moderately Critical)

  • Saving user accounts can sometimes grant the user all roles (User module - Drupal 6 and 7 - Less Critical)

  • Email address can be matched to an account (User module - Drupal 7 and 8 - Less Critical)

  • Session data truncation can lead to unserialization of user provided data (Base system - Drupal 6 - Less Critical)


Discovery 2016-02-24
Entry 2016-02-25
drupal6
lt 6.38

drupal7
lt 7.43

drupal8
lt 8.0.4

https://www.drupal.org/SA-CORE-2016-001
e1ff4c5e-d687-11e6-9171-14dae9d210b8End of Life Ports

These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible.


Discovery 2017-01-06
Entry 2017-01-06
py27-django16
py33-django16
py34-django16
py35-django16
ge 0

drupal6
ge 0

ports/211975