Search CVE reports
121 – 130 of 345 results
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.
1 affected package
mediawiki
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Not affected | Not affected | Not affected | Ignored | Ignored |
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.
1 affected package
mediawiki
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Not affected | Not affected | Not affected | Ignored | Ignored |
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
1 affected package
mediawiki
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
1 affected package
mediawiki
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the...
1 affected package
mediawiki
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 4 of 113
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...
11 affected packages
gnucash, mediawiki, node-moment, ntopng, odoo...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gnucash | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| node-moment | Not affected | Not affected | Fixed | Fixed | Fixed |
| ntopng | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| odoo | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| omnidb | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| postfixadmin | Vulnerable | Vulnerable | Fixed | Not affected | Not affected |
| ruby-momentjs-rails | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| sabnzbdplus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| syncthing | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username...
1 affected package
mediawiki
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the...
1 affected package
mediawiki
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we...
5 affected packages
civicrm, guzzle, icinga-php-thirdparty, icingaweb2-module-reactbundle, mediawiki
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| guzzle | Not affected | Not affected | Not in release | Not in release | Not in release |
| icinga-php-thirdparty | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| icingaweb2-module-reactbundle | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| mediawiki | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify...
5 affected packages
civicrm, guzzle, icinga-php-thirdparty, icingaweb2-module-reactbundle, mediawiki
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| guzzle | Not affected | Not affected | Not in release | Not in release | Not in release |
| icinga-php-thirdparty | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| icingaweb2-module-reactbundle | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| mediawiki | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |