FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
dc2d76df-a595-11e4-9363-20cf30e32f6d | Bugzilla multiple security issues
Bugzilla Security Advisory
Command Injection
Some code in Bugzilla does not properly utilize 3 arguments form
for open() and it is possible for an account with editcomponents
permissions to inject commands into product names and other
attributes.
Information Leak
Using the WebServices API, a user can possibly execute imported
functions from other non-WebService modules. A whitelist has now
been added that lists explicit methods that can be executed via the
API.
Discovery 2015-01-21 Entry 2015-01-26 bugzilla44
< 4.4.7
CVE-2014-8630
https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
https://bugzilla.mozilla.org/show_bug.cgi?id=1090275
|
54075861-a95a-11e5-8b40-20cf30e32f6d | Bugzilla security issues
Bugzilla Security Advisory
During the generation of a dependency graph, the code for
the HTML image map is generated locally if a local dot
installation is used. With escaped HTML characters in a bug
summary, it is possible to inject unfiltered HTML code in
the map file which the CreateImagemap function generates.
This could be used for a cross-site scripting attack.
If an external HTML page contains a |