8 matches found

OSV
added 2023/07/26 10:7 p.m., 14 views

MGASA-2023-0241 Updated mediawiki packages fix security vulnerability

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many...

CVSS 7.5 | AI score 6 | EPSS 0.01216
Exploits: 1 | References: 3

OSV
added 2022/04/18 7:42 a.m., 9 views

MGASA-2022-0145 Updated mediawiki packages fix security vulnerability

Title::newMainPage goes into an infinite recursion loop if it points to a local interwiki CVE-2022-28201. Messages widthheight/widthheightpage/nbytes not escaped when used in galleries or Special:RevisionDelete CVE-2022-28202. Requesting Special:NewFiles on a wiki with many file uploads with acto...

CVSS 7.5 | AI score 5.8 | EPSS 0.01152
Exploits: 3 | References: 3

OSV
added 2021/10/13 7:39 p.m., 11 views

MGASA-2021-0477 Updated mediawiki packages fix security vulnerability

XSS vulnerability in Special:Search. CVE-2021-41798 ApiQueryBacklinks can cause a full table scan. CVE-2021-41799 Fix PoolCounter protection of Special:Contributions. CVE-2021-41800 ReplaceText continues performing actions if the user no longer has the correct permission such as by being blocked...

CVSS 8.8 | AI score 6 | EPSS 0.01735
Exploits: 1 | References: 5

OSV
added 2018/11/03 11:55 a.m., 6 views

MGASA-2018-0433 Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: '$wgRateLimits' entry for 'user' overrides 'newbie' CVE-2018-0503. When a log event is partially hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information CVE-2018-0504. BotPasswords can bypass CentralAuth's...

CVSS 6.5 | AI score 5.3 | EPSS 0.02797
Exploits: 1 | References: 3

Mageia
added 2018/11/03 11:55 a.m., 29 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: '$wgRateLimits' entry for 'user' overrides 'newbie' CVE-2018-0503. When a log event is partially hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information CVE-2018-0504. BotPasswords can bypass CentralAuth's...

CVSS 6.5 | AI score 1.8 | EPSS 0.02797
Exploits: 1 | References: 2

OSV
added 2017/04/16 6:29 a.m., 9 views

MGASA-2017-0110 Updated mediawiki packages fix security vulnerability

API parameters may now be marked as "sensitive" to keep their values out of the logs CVE-2017-0361. "Mark all pages visited" on the watchlist now requires a CSRF token CVE-2017-0362. Special:UserLogin and Special:Search allow redirect to interwiki links CVE-2017-0363, CVE-2017-0364. XSS in...

CVSS 8.8 | AI score 5.4 | EPSS 0.01525
Exploits: 1 | References: 3

Mageia
added 2015/11/02 8:21 p.m., 36 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.11, the API failed to correctly stop adding new chunks to the upload when the reported size was exceeded, allowing a malicious user to upload an infinite number of chunks for a single file upload CVE-2015-8001. ...

CVSS 6.8 | AI score 8.8 | EPSS 0.01674
Exploits: 0 | References: 3

OSV
added 2014/04/28 6:16 p.m., 5 views

MGASA-2014-0197 Updated mediawiki packages fix security vulnerability

Updated mediawiki packages fix security vulnerability: XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key is set to a string containing a script, the script will be executed when the page is viewed using the info action CVE-2014-2853...

CVSS 4.3 | AI score 6.2 | EPSS 0.02377
Exploits: 0 | References: 4