FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
83b38a2c-413e-11e5-bfcf-6805ca0b3d42    RT -- two XSS vulnerabilities

Best Practical reports:

RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopec at Data Reliance Shared Service Center.

RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface. This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected.


Discovery: 2015-08-12
Entry: 2015-08-12
Modified: 2015-08-18

Affected packages:
rt42: >= 4.2.0, < 4.2.12
rt40: >= 4.0.0, < 4.0.24

References:
CVE-2015-5475
CVE-2015-6506
http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html

d08f6002-c588-11e4-8495-6805ca0b3d42    rt -- Remote DoS, Information disclosure and Session Hijacking vulnerabilities

Best Practical reports:

RT 3.0.0 and above, if running on Perl 5.14.0 or higher, are vulnerable to a remote denial-of-service via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This denial-of-service may encompass both CPU and disk usage, depending on RT's logging configuration. This vulnerability is assigned CVE-2014-9472.

RT 3.8.8 and above are vulnerable to an information disclosure attack which may reveal RSS feed URLs, and thus ticket data; this vulnerability is assigned CVE-2015-1165. RSS feed URLs can also be leveraged to perform session hijacking, allowing a user with the URL to log in as the user that created the feed; this vulnerability is assigned CVE-2015-1464.


Discovery: 2015-02-26
Entry: 2015-03-08

Affected packages:
rt42: >= 4.2.0, < 4.2.10
rt40: >= 4.0.0, < 4.0.23

References:
http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html
CVE-2014-9472
CVE-2015-1165
CVE-2015-1464