Mediawiki : Security Vulnerabilities, CVEs, Published In 2015 (Denial of service) CVSS score >= 6
The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.
Max CVSS
6.8
EPSS Score
0.25%
Published
2015-11-09
Updated
2015-11-10
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937.
Max CVSS
7.1
EPSS Score
3.26%
Published
2015-04-13
Updated
2016-12-07
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942.
Max CVSS
7.1
EPSS Score
3.65%
Published
2015-04-13
Updated
2016-12-07
MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.
Max CVSS
7.1
EPSS Score
3.65%
Published
2015-04-13
Updated
2016-12-07
4 vulnerabilities found