FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5e439ee7-d3bd-11e6-ae1b-002590263bf5codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed an SQL injection in the ‘odbc’ database driver.

Updated set_realpath() Path Helper function to filter-out php:// wrapper inputs.


Discovery 2016-07-26
Entry 2017-01-06
codeigniter
< 3.1.0

https://www.codeigniter.com/user_guide/changelog.html
ef3423e4-d056-11e7-a52c-002590263bf5codeigniter -- input validation bypass

The CodeIgniter changelog reports:

Security: Fixed a potential object injection in Cache Library 'apc' driver when save() is used with $raw = TRUE.


Discovery 2017-09-25
Entry 2017-11-23
codeigniter
< 3.1.6

https://www.codeigniter.com/user_guide/changelog.html
aaedf196-6436-11e7-8b49-002590263bf5codeigniter -- input validation bypass

The CodeIgniter changelog reports:

Form Validation Library rule valid_email could be bypassed if idn_to_ascii() is available.


Discovery 2017-06-19
Entry 2017-07-08
codeigniter
< 3.1.5

https://www.codeigniter.com/user_guide/changelog.html
df0144fb-295e-11e7-970f-002590263bf5codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed a header injection vulnerability in common function set_status_header() under Apache (thanks to Guillermo Caminer from Flowgate).

Fixed byte-safety issues in Encrypt Library (DEPRECATED) when mbstring.func_overload is enabled.

Fixed byte-safety issues in Encryption Library when mbstring.func_overload is enabled.

Fixed byte-safety issues in compatibility functions password_hash(), hash_pbkdf2() when mbstring.func_overload is enabled.

Updated Encrypt Library (DEPRECATED) to call mcrypt_create_iv() with MCRYPT_DEV_URANDOM.


Discovery 2017-03-23
Entry 2017-04-25
codeigniter
< 3.1.4

https://www.codeigniter.com/user_guide/changelog.html
496160d3-d3be-11e6-ae1b-002590263bf5codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed a number of new vulnerabilities in Security Library method xss_clean().


Discovery 2016-10-28
Entry 2017-01-06
codeigniter
< 3.1.2

https://www.codeigniter.com/user_guide/changelog.html
71ebbc50-01c1-11e7-ae1b-002590263bf5codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed an XSS vulnerability in Security Library method xss_clean().

Fixed a possible file inclusion vulnerability in Loader Library method vars().

Fixed a possible remote code execution vulnerability in the Email Library when ‘mail’ or ‘sendmail’ are used (thanks to Paul Buonopane from NamePros).

Added protection against timing side-channel attacks in Security Library method csrf_verify().

Added protection against BREACH attacks targeting the CSRF token field generated by Form Helper function form_open().


Discovery 2017-01-09
Entry 2017-03-05
codeigniter
< 3.1.3

https://www.codeigniter.com/user_guide/changelog.html