EUVD-2022-34217

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-28202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties ...

UBUNTU-CVE-2022-28203

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query...

Design/Logic Flaw

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query...

CVE-2022-28203

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query...

CVE-2022-28203

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query...

MediaWiki SQL Injection Vulnerability

MediaWiki is a set of web-based wiki engines from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.37.2 and earlier, which stems from a SemanticDrilldown...

MediaWiki Cross-Site Request Forgery Vulnerability (CNVD-2022-70093)

MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.MediaWiki version 1.37.2 and earlier versions contain a cross-site request forgery vulnerability...

CVE-2022-28323

An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,...

MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.37.2 and prior versions, which stems from...

PT-2022-18961 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.37.2 Description: An issue was discovered in the SecurePoll extension of MediaWiki, allowing a leak because sorting by timestamp is supported. Recommendations: For MediaWiki versions through 1.37.2, consider...

CVE-2022-29907

The Nimbus skin for MediaWiki through 1.37.2 before 6f9c8fb868345701d9544a54d9752515aace39df allows XSS in Advertise link messages...

CVE-2022-29905

The FanBoxes extension for MediaWiki through 1.37.2 before 027ffb0b9d6fe0d823810cf03f5b562a212162d4 allows Special:UserBoxes CSRF...

CVE-2022-29904

The SemanticDrilldown extension for MediaWiki through 1.37.2 before e688bdba6434591b5dff689a45e4d53459954773 allows SQL injection with certain '-' and '' constraints...

CVE-2022-29905

CVE-2022-29905 affects the FanBoxes extension for MediaWiki up to version 1.37.2. The vulnerability is a CSRF in Special:UserBoxes, arising from insufficient CSRF protection. Impact per CVSS 3.1 is LOW to MEDIUM with user interaction required. The fix is included in the patch 027ffb0b9d6fe0d82381...

MediaWiki 跨站脚本漏洞

MediaWiki is a set of web-based wiki engines from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.37.2 and prior versions, which stems from a cross-site...

MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.37.2 and earlier versions, which stems fro...

PT-2022-19903 · Mediawiki +1 · Mediawiki Semanticdrilldown Extension +1

Name of the Vulnerable Software and Affected Versions: MediaWiki SemanticDrilldown extension versions through 1.37.2 Description: The issue allows SQL injection with certain '-' and ' ' constraints. Recommendations: For MediaWiki SemanticDrilldown extension versions through 1.37.2, update to a...

PT-2022-19906 · Mediawiki +1 · Mediawiki Nimbus Skin +1

Name of the Vulnerable Software and Affected Versions: MediaWiki Nimbus skin versions through 1.37.2 Description: The issue allows XSS in Advertise link messages. Recommendations: For MediaWiki Nimbus skin versions through 1.37.2, update to a version after 6f9c8fb868345701d9544a54d9752515aace39df...

PT-2022-19905 · Mediawiki +1 · Mediawiki Quiz Extension +1

Name of the Vulnerable Software and Affected Versions: MediaWiki QuizGame extension versions through 1.37.2 Description: The admin API module in the QuizGame extension for MediaWiki omits a check for the quizadmin user. Recommendations: For MediaWiki QuizGame extension versions through 1.37.2,...