FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-19 05:30:57 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

090763f6-7030-11ea-93dd-080027846a02    mediawiki -- multiple vulnerabilities

Mediawiki reports:

Security fixes: T246602: jquery.makeCollapsible allows applying event handler to any CSS selector.


Discovery 2020-03-02
Entry 2020-03-27
mediawiki131 < 1.31.7
mediawiki133 < 1.33.3
mediawiki134 < 1.34.1

https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-March/000247.html

3c5a4fe0-9ebb-11e9-9169-fcaa147e860e    mediawiki -- multiple vulnerabilities

Mediawiki reports:

Security fixes:

T197279, CVE-2019-12468: Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover.

T204729, CVE-2019-12473: Passing invalid titles to the API could cause a DoS by querying the entire `watchlist` table.

T207603, CVE-2019-12471: Loading user JavaScript from a non-existent account allows anyone to create the account, and XSS the users loading that script.

T208881: blacklist CSS var().

T199540, CVE-2019-12472: It is possible to bypass the limits on IP range blocks (`$wgBlockCIDRLimit`) by using the API.

T212118, CVE-2019-12474: Privileged API responses that include whether a recent change has been patrolled may be cached publicly.

T209794, CVE-2019-12467: A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them.

T25227, CVE-2019-12466: An account can be logged out without using a token (CSRF).

T222036, CVE-2019-12469: Exposed suppressed username or log in Special:EditTags.

T222038, CVE-2019-12470: Exposed suppressed log in RevisionDelete page.

T221739, CVE-2019-11358: Fix potential XSS in jQuery.


Discovery 2019-04-23
Entry 2019-07-05
mediawiki131 < 1.31.3
mediawiki132 < 1.32.3

CVE-2019-11358
CVE-2019-12466
CVE-2019-12467
CVE-2019-12468
CVE-2019-12469
CVE-2019-12470
CVE-2019-12471
CVE-2019-12472
CVE-2019-12473
CVE-2019-12474
https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000230.html

be1aada2-be6c-11e8-8fc6-000c29434208    mediawiki -- multiple vulnerabilities

Mediawiki reports:

Security fixes:

T169545: $wgRateLimits entry for 'user' overrides 'newbie'.

T194605: BotPasswords can bypass CentralAuth's account lock.

T187638: When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden

T193237: Special:BotPasswords should require reauthenticate.


Discovery 2018-08-29
Entry 2018-09-22
mediawiki127 < 1.27.5
mediawiki129 <= 1.29.3
mediawiki130 < 1.30.1
mediawiki131 < 1.31.1

CVE-2018-0503
CVE-2018-0505
CVE-2018-0504
https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html

c32285fe-fde4-11e9-9525-000c29c4dc65    mediawiki -- multiple vulnerabilities

Mediawiki reports:

Security fixes: T230402, CVE-2019-16738 SECURITY: Add permission check for suppressed account to Special:Redirect.


Discovery 2019-08-13
Entry 2019-11-03
mediawiki131 < 1.31.5
mediawiki132 < 1.32.5
mediawiki133 < 1.33.1

CVE-2019-16738
https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-October/000236.html

f84ab297-2285-11ec-9e79-08002789875b    mediawiki -- multiple vulnerabilities

Mediawiki reports:

(T285515, CVE-2021-41798) SECURITY: XSS vulnerability in Special:Search.

(T290379, CVE-2021-41799) SECURITY: ApiQueryBacklinks can cause a full table scan.

(T284419, CVE-2021-41800) SECURITY: fix PoolCounter protection of Special:Contributions.

(T279090, CVE-2021-41801) SECURITY: ReplaceText continues performing actions if the user no longer has the correct permission (such as by being blocked).


Discovery 2021-06-24
Entry 2021-10-01
mediawiki131 < 1.31.16
mediawiki135 < 1.35.4
mediawiki136 < 1.36.2

CVE-2021-41798
CVE-2021-41799
CVE-2021-41800
CVE-2021-41801
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/