Search CVE reports



41 – 50 of 263 results


CVE-2022-28204

Medium priority
Needs evaluation

A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-28203

Medium priority
Needs evaluation

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-28201

Medium priority
Needs evaluation

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the...

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-31129

Medium priority

Some fixes available 4 of 102

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...

11 affected packages

gnucash, mediawiki, node-moment, ntopng, odoo...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| gnucash | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| node-moment | Not affected | Fixed | Fixed | Fixed |
| ntopng | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| odoo | Needs evaluation | Needs evaluation | Not in release | Not in release |
| omnidb | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| postfixadmin | Vulnerable | Fixed | Not affected | Not affected |
| ruby-momentjs-rails | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| sabnzbdplus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| syncthing | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-34912

Medium priority
Needs evaluation

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username...

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-34911

Medium priority
Needs evaluation

An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the...

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-31091

Medium priority
Needs evaluation

Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we...

5 affected packages

civicrm, guzzle, icinga-php-thirdparty, icingaweb2-module-reactbundle, mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| civicrm | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| guzzle | Not affected | Not in release | Not in release | Not in release |
| icinga-php-thirdparty | Needs evaluation | Needs evaluation | Not in release | Not in release |
| icingaweb2-module-reactbundle | Needs evaluation | Needs evaluation | Not in release | Not in release |
| mediawiki | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-31090

Medium priority
Needs evaluation

Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify...

5 affected packages

civicrm, guzzle, icinga-php-thirdparty, icingaweb2-module-reactbundle, mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| civicrm | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| guzzle | Not affected | Not in release | Not in release | Not in release |
| icinga-php-thirdparty | Needs evaluation | Needs evaluation | Not in release | Not in release |
| icingaweb2-module-reactbundle | Needs evaluation | Needs evaluation | Not in release | Not in release |
| mediawiki | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-29969

Medium priority
Needs evaluation

The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-28202

Medium priority
Needs evaluation

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

1 affected package

mediawiki

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |