FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
59a0af97-dbd4-11e5-8fa8-14dae9d210b8	drupal -- multiple vulnerabilities Drupal Security Team reports: File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical) Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical) Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 - Moderately Critical) Form API ignores access restrictions on submit buttons (Form API - Drupal 6 - Critical) HTTP header injection using line breaks (Base system - Drupal 6 - Moderately Critical) Open redirect via double-encoded 'destination' parameter (Base system - Drupal 6 - Moderately Critical) Reflected file download vulnerability (System module - Drupal 6 and 7 - Moderately Critical) Saving user accounts can sometimes grant the user all roles (User module - Drupal 6 and 7 - Less Critical) Email address can be matched to an account (User module - Drupal 7 and 8 - Less Critical) Session data truncation can lead to unserialization of user provided data (Base system - Drupal 6 - Less Critical) Discovery 2016-02-24 Entry 2016-02-25 drupal6 < 6.38 drupal7 < 7.43 drupal8 < 8.0.4 https://www.drupal.org/SA-CORE-2016-001
e1ff4c5e-d687-11e6-9171-14dae9d210b8	End of Life Ports These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible. Discovery 2017-01-06 Entry 2017-01-06 py27-django16 py33-django16 py34-django16 py35-django16 >= 0 drupal6 >= 0 ports/211975

VuXML ID

Description

59a0af97-dbd4-11e5-8fa8-14dae9d210b8

drupal -- multiple vulnerabilities

Drupal Security Team reports:

File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical)

Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical)

Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 - Moderately Critical)

Form API ignores access restrictions on submit buttons (Form API - Drupal 6 - Critical)

HTTP header injection using line breaks (Base system - Drupal 6 - Moderately Critical)

Open redirect via double-encoded 'destination' parameter (Base system - Drupal 6 - Moderately Critical)

Reflected file download vulnerability (System module - Drupal 6 and 7 - Moderately Critical)

Saving user accounts can sometimes grant the user all roles (User module - Drupal 6 and 7 - Less Critical)

Email address can be matched to an account (User module - Drupal 7 and 8 - Less Critical)

Session data truncation can lead to unserialization of user provided data (Base system - Drupal 6 - Less Critical)

Discovery 2016-02-24
Entry 2016-02-25
drupal6

< 6.38

drupal7

< 7.43

drupal8

< 8.0.4

https://www.drupal.org/SA-CORE-2016-001

e1ff4c5e-d687-11e6-9171-14dae9d210b8

End of Life Ports

These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible.

Discovery 2017-01-06
Entry 2017-01-06
py27-django16
py33-django16
py34-django16
py35-django16

>= 0

drupal6

>= 0

ports/211975