Debian Mediawiki vulnerabilities
304 known vulnerabilities affecting debian/mediawiki.
Total CVEs: 304
CISA KEV: 0
Public exploits: 6
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 47, MEDIUM 133, LOW 94, UNKNOWN 6
Vulnerabilities
Page 8 of 16
CVE-2018-0504 | MEDIUM | CVSS 6.5 | fixed in mediawiki 1:1.31.1-1 (bookworm) | 2018
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid
Scope: local
bookworm: resolved (fixed in 1:1.31.1-1)
bullseye: resolved (fixed in 1:1.31.1-1)
forky: resolved (fixed in 1:1.31.1-1)
sid: resolved (fixed in 1:1.31.1-1)
trixie: resolved (fixed in 1:1.31.1-1)
debian
CVE-2018-0505 | MEDIUM | CVSS 6.5 | fixed in mediawiki 1:1.31.1-1 (bookworm) | 2018
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock
Scope: local
bookworm: resolved (fixed in 1:1.31.1-1)
bullseye: resolved (fixed in 1:1.31.1-1)
forky: resolved (fixed in 1:1.31.1-1)
sid: resolved (fixed in 1:1.31.1-1)
trixie: resolved (fixed in 1:1.31.1-1)
debian
CVE-2018-0503 | MEDIUM | CVSS 4.3 | fixed in mediawiki 1:1.31.1-1 (bookworm) | 2018
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
Scope: local
bookworm: resolved (fixed in 1:1.31.1-1)
bullseye: resolved (fixed in 1:1.31.1-1)
forky: resolved (fixed in 1:1.31.1-1)
sid: resolved (fixed in 1:1.31.1-1)
trixie: resolved (fixed in 1
debian
CVE-2018-13258 | LOW | CVSS 5.3 | 2018
CVE-2018-13258 [MEDIUM] CVE-2018-13258: mediawiki - Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used...
Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2017-0372 | CRITICAL | CVSS 9.8 | PoC | fixed in mediawiki 1:1.27.3-1 (bookworm) | 2017
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
Scope: local
bookworm: resolved (fixed in 1:1.27.3-1)
bullseye: resolved (fixed in 1:1.27.3-1)
forky: resolved (fixed in 1:1.27.3-1)
sid: resolved (fixed in 1:1.27.3-1)
trixie: resolved (fixed in 1:1.27.3-1)
debian
CVE-2017-8809 | CRITICAL | CVSS 9.8 | fixed in mediawiki 1:1.27.4-1 (bookworm) | 2017
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
Scope: local
bookworm: resolved (fixed in 1:1.27.4-1)
bullseye: resolved (fixed in 1:1.27.4-1)
forky: resolved (fixed in 1:1.27.4-1)
sid: resolved (fixed in 1:1.27.4-1)
trixie: resolved (fixed in 1:1.27.4-1)
debian
CVE-2017-8810 | HIGH | CVSS 7.5 | fixed in mediawiki 1:1.27.4-1 (bookworm) | 2017
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
Scope: local
bookworm: resolved (fixed in 1
debian
CVE-2017-0362 | HIGH | CVSS 8.8 | fixed in mediawiki 1:1.27.2-1 (bookworm) | 2017
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
Scope: local
bookworm: resolved (fixed in 1:1.27.2-1)
bullseye: resolved (fixed in 1:1.27.2-1)
forky: resolved (fixed in 1:1.27.2-1)
sid: resolved (fixed in 1:1.27.2-1)
trixie: resolved (fixed in 1:1.27.2-1)
debian
CVE-2017-0371 | HIGH | CVSS 7.5 | fixed in mediawiki 1:1.27.2-1 (bookworm) | 2017
MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.
Scope: local
bookworm: resolved (fixed in 1:1.27.2-1)
bullseye: resolved
debian
CVE-2017-0367 | HIGH | CVSS 8.8 | fixed in mediawiki 1:1.27.2-1 (bookworm) | 2017
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
Scope: local
bookworm: resolved (fixed in 1:1.27.2-1)
bullseye: resolved (fixed in 1:1.27.2-1)
forky: resolved (fixed in 1:1.27.2-1)
sid: resolved (fixed in 1:1.27.2-1)
trixie: resolved (fixed in 1:1.27
debian
CVE-2017-8814 | HIGH | CVSS 7.5 | fixed in mediawiki 1:1.27.4-1 (bookworm) | 2017
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
Scope: local
bookworm: resolved (fixed in 1:1.27.4-1)
bullseye: resolved (fixed in 1:1.27.4-1)
forky: resolved (fixed in 1:1.27.4-1)
sid: resolved (fixed in 1:1.27.4-1)
trixi
debian
CVE-2017-8815 | HIGH | CVSS 7.5 | fixed in mediawiki 1:1.27.4-1 (bookworm) | 2017
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
Scope: local
bookworm: resolved (fixed in 1:1.27.4-1)
bullseye: resolved (fixed in 1:1.27.4-1)
forky: resolved (fixed in 1:1.27.4-1)
sid: resolved (fixed in 1:1.27.4-1)
trixie: resolved (fixed in 1:1.27.4-1)
debian
CVE-2017-0361 | HIGH | CVSS 7.8 | fixed in mediawiki 1:1.27.2-1 (bookworm) | 2017
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
Scope: local
bookworm: resolved (fixed in 1:1.27.2-1)
bullseye: resolved (fixed in 1:1.27.2-1)
forky: resolved (fixed in 1:1.27.2-1)
sid: resolved (fixed in 1:1.27.2-1)
trixie: resolved (fixed in 1:1.27.2-1)
debian
CVE-2017-0365 | MEDIUM | CVSS 4.7 | fixed in mediawiki 1:1.27.2-1 (bookworm) | 2017
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.
Scope: local
bookworm: resolved (fixed in 1:1.27.2-1)
bullseye: resolved (fixed in 1:1.27.2-1)
forky: resolved (fixed in 1:1.27.2-1)
sid: resolved (fixed in 1:1.27.2-1)
trixie: resolved (fixed in 1:1.27.2-1)
debian
CVE-2017-8811 | MEDIUM | CVSS 6.1 | fixed in mediawiki 1:1.27.4-1 (bookworm) | 2017
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
Scope: local
bookworm: resolved (fixed in 1:1.27.4-1)
bullseye: resolved (fixed in 1:1.27.4-1)
forky: resolved (fixed in 1:1.27.4-1)
sid: resolved (fixed in 1:1.27.4-1)
trixie: resolved (fixed in 1:1.27.4-1)
debian
CVE-2017-0369 | MEDIUM | CVSS 6.5 | fixed in mediawiki 1:1.27.2-1 (bookworm) | 2017
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing a sysop to undelete pages even though the page is protected against it.
Scope: local
bookworm: resolved (fixed in 1:1.27.2-1)
bullseye: resolved (fixed in 1:1.27.2-1)
forky: resolved (fixed in 1:1.27.2-1)
sid: resolved (fixed in 1:1.27.2-1)
trixie: resolved (fixed in 1:1.27.2-1)
debian
CVE-2017-0366 | MEDIUM | CVSS 5.4 | fixed in mediawiki 1:1.27.2-1 (bookworm) | 2017
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw that allows evading the SVG filter using default attribute values in a DTD declaration.
Scope: local
bookworm: resolved (fixed in 1:1.27.2-1)
bullseye: resolved (fixed in 1:1.27.2-1)
forky: resolved (fixed in 1:1.27.2-1)
sid: resolved (fixed in 1:1.27.2-1)
trixie: resolved (fixed in 1:1.27.2-1)
debian
CVE-2017-0364 | MEDIUM | CVSS 6.1 | fixed in mediawiki 1:1.27.2-1 (bookworm) | 2017
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
Scope: local
bookworm: resolved (fixed in 1:1.27.2-1)
bullseye: resolved (fixed in 1:1.27.2-1)
forky: resolved (fixed in 1:1.27.2-1)
sid: resolved (fixed in 1:1.27.2-1)
trixie: resolved (fixed in 1:1.27.2-1)
debian
CVE-2017-0368 | MEDIUM | CVSS 5.3 | fixed in mediawiki 1:1.27.2-1 (bookworm) | 2017
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
Scope: local
bookworm: resolved (fixed in 1:1.27.2-1)
bullseye: resolved (fixed in 1:1.27.2-1)
forky: resolved (fixed in 1:1.27.2-1)
sid: resolved (fixed in 1:1.27.2-1)
trixie: resolved (fixed in 1:1.27.2-1)
debian
CVE-2017-8808 | MEDIUM | CVSS 6.1 | fixed in mediawiki 1:1.27.4-1 (bookworm) | 2017
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
Scope: local
bookworm: resolved (fixed in 1:1.27.4-1)
bullseye: resolved (fixed in 1:1.27.4-1)
forky: resolved (fixed in 1:1.27.4-1)
sid: resolved (fixed in 1:1.27.4-1)
trixie: resolved (
debian