Lucene search

35 matches found

OSV
added 2024/03/06 11:12 a.m. | 14 views

BIT-MEDIAWIKI-2021-30156

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists...

CVSS 4.3 | AI score 4.5 | EPSS 0.01175
Exploits 1 | References 4

OSV
added 2024/03/06 11:10 a.m. | 25 views

BIT-MEDIAWIKI-2021-41800

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

CVSS 5.3 | AI score 6.7 | EPSS 0.01735
Exploits 0 | References 8

RedhatCVE
added 2022/12/26 1:4 p.m. | 45 views

CVE-2022-41767

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user using reassignEdits.php, the changes will still be attributed to the IP address on Special:Contributions when doing a range...

CVSS 5.3 | AI score 3 | EPSS 0.00641
Exploits 0 | References 3

Mageia
added 2022/10/13 8:5 p.m. | 49 views

Updated mediawiki packages fix security vulnerability

HTMLUserTextField exposes existence of hidden users CVE-2022-41765. reassignEdits doesn't update results in an IP range check on Special:Contributions CVE-2022-41767...

CVSS 5.3 | AI score 1.8 | EPSS 0.00641
Exploits 0 | References 2

FreeBSD
added 2022/09/29 12:0 a.m. | 39 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: T316304, CVE-2022-41767 SECURITY: reassignEdits doesn't update results in an IP range check on Special:Contributions.. T309894, CVE-2022-41765 SECURITY: HTMLUserTextField exposes existence of hidden users. T307278, CVE-2022-41766 SECURITY: On action=rollback the message...

CVSS 5.3 | AI score 1.4 | EPSS 0.00641
Exploits 1 | References 1

NVD
added 2022/07/02 8:15 p.m. | 21 views

CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

CVSS 6.1 | EPSS 0.00992
Exploits 0 | References 6

UbuntuCve
added 2022/07/02 8:15 p.m. | 40 views

CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

CVSS 6.1 | AI score 6.5 | EPSS 0.00992
Exploits 0 | References 2

OSV
added 2022/05/24 7:17 p.m. | 31 views

GHSA-C8WV-QWWC-6J73 MediaWiki allows a denial of service

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

CVSS 5.3 | AI score 6.7 | EPSS 0.01735
Exploits 0 | References 8

Github Security Blog
added 2022/05/24 7:17 p.m. | 38 views

MediaWiki allows a denial of service

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

CVSS 5.3 | AI score 7.7 | EPSS 0.01735
Exploits 0 | References 9 | Affected Software 1

Github Security Blog
added 2022/05/24 5:29 p.m. | 20 views

MediaWiki Cross-site Scripting (XSS) vulnerability

An issue was discovered in MediaWiki 1.34.x before 1.34.3. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML...

CVSS 6.1 | AI score 5.5 | EPSS 0.01104
Exploits 0 | References 8 | Affected Software 1

NVD
added 2021/10/11 8:15 a.m. | 20 views

CVE-2021-41800

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

CVSS 5.3 | EPSS 0.01735
Exploits 0 | References 7

OSV
added 2021/10/11 8:15 a.m. | 21 views

CVE-2021-41800

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

CVSS 5.3 | AI score 7.2
Exploits 0 | References 7

Prion
added 2021/10/11 8:15 a.m. | 34 views

Code injection

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

CVSS 5 | AI score 6.7 | EPSS 0.01735
Exploits 0 | References 7 | Affected Software 2

UbuntuCve
added 2021/10/11 8:15 a.m. | 30 views

CVE-2021-41800

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

CVSS 5.3 | AI score 6.1 | EPSS 0.01735
Exploits 0 | References 3

CVE
added 2021/10/11 12:0 a.m. | 97 views

CVE-2021-41800

MediaWiki before 1.36.2 is affected by CVE-2021-41800, a denial-of-service due to resource consumption from lengthy SQL processing in Special:Contributions, caused by mishandling PoolCounter protection. The issue is documented in multiple sources (including GHSA advisory and Debian/Fedora securit...

CVSS 5.3 | AI score 6.6 | EPSS 0.01735
Exploits 0 | References 7 | Affected Software 1

Cvelist
added 2021/10/11 12:0 a.m. | 27 views

CVE-2021-41800

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

AI score 7.1 | EPSS 0.01735
Exploits 0 | References 7

Debian CVE
added 2021/10/11 12:0 a.m. | 33 views

CVE-2021-41800

MediaWiki before 1.36.2 allows a denial of service resource consumption because of lengthy query processing time. Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled...

CVSS 5.3 | AI score 5.5 | EPSS 0.01735
Exploits 0

RedhatCVE
added 2021/09/30 8:49 p.m. | 53 views

CVE-2021-41800

A flaw was found in MediaWiki, where visiting Special:Contributions may result in a long query due to mishandled PoolCounter protection. This issue may cause resource exhaustion, resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.3 | AI score 1.3 | EPSS 0.01735
Exploits 0 | References 3

RedhatCVE
added 2021/04/12 4:46 p.m. | 27 views

CVE-2021-30156

In mediawiki package, the "Special:Contributions" functionality can leak information that a "hidden" user exists...

CVSS 5.4 | AI score 2.4 | EPSS 0.01175
Exploits 1 | References 3

Veracode
added 2021/04/10 4:45 a.m. | 23 views

Information Disclosure

MediaWiki is vulnerable to information disclosure. Special:Contributions can leak that a "hidden" user exists...

CVSS 4.3 | AI score 1.2 | EPSS 0.01175
Exploits 1 | References 6 | Affected Software 1