Search CVE reports


Toggle filters

191 – 200 of 345 results


CVE-2019-12468

Medium priority

Some fixes available 14 of 17

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Fixed Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2019-12467

Low priority

Some fixes available 14 of 17

MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Fixed Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2019-11358

Low priority

Some fixes available 3 of 28

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property,...

5 affected packages

drupal7, jquery, mediawiki, node-jquery, otrs2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
drupal7 Not in release Not in release Not in release Not in release Not in release
jquery Not in release Not in release Not in release Not affected Fixed
mediawiki Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
node-jquery Not affected Not affected Not affected Not affected Vulnerable
otrs2 Not in release Not in release Needs evaluation Not affected Needs evaluation
Show less packages

CVE-2018-13258

Negligible priority
Needs evaluation

Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2018-0505

Medium priority
Vulnerable

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2018-0504

Medium priority
Vulnerable

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2018-0503

Medium priority
Vulnerable

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2014-1686

Negligible priority
Needs evaluation

MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2017-0372

Medium priority
Ignored

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected
Show less packages

CVE-2017-0370

Medium priority
Ignored

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected
Show less packages