17 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-25827
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluste...
Mageia: Security Advisory (MGASA-2020-0381)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 33 : mediawiki / php-oojs-oojs-ui / php-wikimedia-assert / etc (2020-a4802c53d9)
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-Septembe r/000263.html The 1.34.x series is now end-of-life and the 1.35.x series is a LTS release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenabl...
Fedora: Security Advisory for php-zordius-lightncandy (FEDORA-2020-a4802c53d9)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for mediawiki (FEDORA-2020-a4802c53d9)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] [DLA 2379-3] mediawiki regression update
Debian LTS Advisory DLA-2379-3 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez November 21, 2020 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.27.7-1deb9u6 The update of mediawiki released as DLA-2379-2 contained a defect in the patch for...
Security fix for the ALT Linux 9 package mediawiki version 1.35.0-alt1
1.35.0-alt1 built Oct. 14, 2020 Vitaly Lipatov in task 259569 Oct. 9, 2020 Vitaly Lipatov - new version 1.35.0 LTS with rpmrb script - CVE-2020-25813, CVE-2020-25812, CVE-2020-25815 - CVE-2020-17367, CVE-2020-17368, CVE-2020-25814 - CVE-2020-25828, CVE-2020-25869, CVE-2020-25827...
Updated mediawiki packages fix security vulnerability
Multiple security issues were discovered in MediaWiki: SpecialUserRights could leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against brute force attempts CVE-2020-25812,...
MediaWiki Multiple Vulnerabilities (Sep 2020) - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
MediaWiki Multiple Vulnerabilities (Sep 2020) - Linux
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
[SECURITY] [DLA 2379-2] mediawiki regression update
Debian LTS Advisory DLA-2379-2 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez September 28, 2020 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.27.7-1deb9u5 Debian Bug : 971264 The update of mediawiki released as DLA-2379-1 contained a defect in...
CVE-2020-25827
creationtimestamp| type| source ---|---|--- 2020-09-28 00:48:52+00:00| seen| https://t.me/cibsecurity/14909...
Debian DLA-2379-3 : mediawiki regression update
The update of mediawiki released as DLA-2379-2 contained a defect in the patch for CVE-2020-25827 which resulted from a possible use of an uninitialized variable. Updated mediawiki packages are now available to correct this issue. For Debian 9 stretch, this problem has been fixed in version...
Debian DSA-4767-1 : mediawiki - security update
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work: SpecialUserRights could leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against...
CVE-2020-25827
MediaWiki CVE-2020-25827 affects the OATHAuth extension. The issue occurs when Wikis run OATHAuth on a farm/cluster (e.g., CentralAuth) where token rate limiting is enforced only at a single site level; this enables issuing multiple OATH token requests across many wikis/sites concurrently. Affect...
Debian: Security Advisory (DSA-4767-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2379-1] mediawiki security update
Debian LTS Advisory DLA-2379-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez September 25, 2020 https://wiki.debian.org/LTS Package : mediawiki Version : 1:1.27.7-1deb9u4 CVE ID : CVE-2020-25813 CVE-2020-25814 CVE-2020-25827 CVE-2020-25828 Multiple security...