FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
dc2d76df-a595-11e4-9363-20cf30e32f6dBugzilla multiple security issues

Bugzilla Security Advisory

Command Injection

Some code in Bugzilla does not properly utilize 3 arguments form for open() and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes.

Information Leak

Using the WebServices API, a user can possibly execute imported functions from other non-WebService modules. A whitelist has now been added that lists explicit methods that can be executed via the API.


Discovery 2015-01-21
Entry 2015-01-26
bugzilla44
< 4.4.7

CVE-2014-8630
https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
https://bugzilla.mozilla.org/show_bug.cgi?id=1090275
ea893f06-5a92-11e5-98c0-20cf30e32f6dBugzilla security issues

Bugzilla Security Advisory

Login names (usually an email address) longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested. The login name could then be automatically added to groups based on the group's regular expression setting.


Discovery 2015-09-10
Entry 2015-09-14
bugzilla44
< 4.4.10

bugzilla50
< 5.0.1

CVE-2015-4499
https://bugzilla.mozilla.org/show_bug.cgi?id=1202447
22283b8c-13c5-11e8-a861-20cf30e32f6dBugzilla security issues

Bugzilla Security Advisory

A CSRF vulnerability in report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to.


Discovery 2018-02-16
Entry 2018-02-16
bugzilla44
< 4.4.13

bugzilla50
< 5.0.4

CVE-2018-5123
https://bugzilla.mozilla.org/show_bug.cgi?id=1433400
036d6c38-1c5b-11e6-b9e0-20cf30e32f6dBugzilla security issues

Bugzilla Security Advisory

A specially crafted bug summary could trigger XSS in dependency graphs. Due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs.


Discovery 2016-03-03
Entry 2016-05-17
bugzilla44
< 4.4.12

bugzilla50
< 5.0.3

CVE-2016-2803
https://bugzilla.mozilla.org/show_bug.cgi?id=1253263
54075861-a95a-11e5-8b40-20cf30e32f6dBugzilla security issues

Bugzilla Security Advisory

During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap function generates. This could be used for a cross-site scripting attack.

If an external HTML page contains a