Search CVE reports



111 – 120 of 332 results


CVE-2022-28203

Medium priority
Needs evaluation

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.

1 affected package

mediawiki

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |

CVE-2022-28201

Medium priority
Needs evaluation

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the...

1 affected package

mediawiki

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |

CVE-2022-31129

Medium priority

Some fixes available 4 of 113

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...

11 affected packages

node-moment, gnucash, mediawiki, ntopng, odoo...

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-moment | Not affected | Not affected | Fixed | Fixed | Fixed |
| gnucash | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ntopng | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| odoo | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| omnidb | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| ruby-momentjs-rails | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| sabnzbdplus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| syncthing | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| postfixadmin | Vulnerable | Vulnerable | Fixed | Not affected | Not affected |

CVE-2022-34912

Medium priority
Needs evaluation

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username...

1 affected package

mediawiki

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |

CVE-2022-34911

Medium priority
Needs evaluation

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the...

1 affected package

mediawiki

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |

CVE-2022-31091

Medium priority
Needs evaluation

Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we...

5 affected packages

civicrm, guzzle, icinga-php-thirdparty, icingaweb2-module-reactbundle, mediawiki

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| guzzle | Not affected | Not affected | Not in release | Not in release | Not in release |
| icinga-php-thirdparty | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| icingaweb2-module-reactbundle | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| mediawiki | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-31090

Medium priority
Needs evaluation

Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify...

5 affected packages

civicrm, guzzle, icinga-php-thirdparty, icingaweb2-module-reactbundle, mediawiki

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| guzzle | Not affected | Not affected | Not in release | Not in release | Not in release |
| icinga-php-thirdparty | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| icingaweb2-module-reactbundle | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| mediawiki | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-29969

Medium priority
Needs evaluation

The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).

1 affected package

mediawiki

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |

CVE-2022-28202

Medium priority
Needs evaluation

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

1 affected package

mediawiki

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |

CVE-2017-0371

Low priority
Ignored

MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV...

1 affected package

mediawiki

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mediawiki Not affected