FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
cd2dc126-cfe4-11ea-9172-4c72b94353b5  Cacti -- multiple vulnerabilities

Cacti developers report:

Multiple fixes for bundled jQuery to prevent code exec (CVE-2020-11022, CVE-2020-11023).

PHPMail contains an escaping bug (CVE-2020-13625).

SQL Injection via color.php in Cacti (CVE-2020-14295).


Discovery 2020-07-15
Entry 2020-07-27
cacti
< 1.2.13

https://www.cacti.net/release_notes.php?version=1.2.13
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295
CVE-2020-11022
CVE-2020-11023
CVE-2020-13625
CVE-2020-14295
59c284f4-8d2e-11ed-9ce0-b42e991fc52e  net-mgmt/cacti is vulnerable to remote command injection

cacti team reports:

A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.


Discovery 2022-12-05
Entry 2023-01-05
Modified 2023-01-09
cacti
< 1.2.23

CVE-2022-46169
https://nvd.nist.gov/vuln/detail/CVE-2022-46169
ed18aa92-e4f4-11e9-b6fa-3085a9a95629  cacti -- Authenticated users may bypass authorization checks

The cacti developers report:

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.


Discovery 2019-09-23
Entry 2019-10-02
cacti
< 1.2.7

CVE-2019-16723
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.7
dc3c66e8-6a18-11e7-93af-005056925db4  Cacti -- Cross-site scripting (XSS) vulnerability in link.php

kimiizhang reports:

Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter.


Discovery 2017-07-05
Entry 2017-07-17
cacti
>= 1.0.0, < 1.1.13

https://github.com/Cacti/cacti/issues/838
https://www.cacti.net/release_notes.php?version=1.1.13
CVE-2017-10970
db570002-ce06-11e7-804e-c85b763a2f96  cacti -- multiple vulnerabilities

cacti reports:

Changelog

issue#1057: CVE-2017-16641 - Potential vulnerability in RRDtool functions

issue#1066: CVE-2017-16660 in remote_agent.php logging function

issue#1066: CVE-2017-16661 in view log file

issue#1071: CVE-2017-16785 in global_session.php Reflection XSS


Discovery 2017-11-01
Entry 2017-11-20
cacti
< 1.1.28

CVE-2017-16641
CVE-2017-16660
CVE-2017-16661
CVE-2017-16785
https://sourceforge.net/p/cacti/mailman/message/36122745/
86224a04-26de-11ea-97f2-001a8c5c04b6  cacti -- multiple vulnerabilities

The cacti developers report:

When viewing graphs, some input variables are not properly checked (SQL injection possible).

Multiple instances of lib/functions.php are affected by unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.


Discovery 2019-10-12
Entry 2020-01-06
cacti
< 1.2.8

https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8
CVE-2019-17357
CVE-2019-17358
ports/242834
cd864f1a-8e5a-11ea-b5b4-641c67a117d8  cacti -- XSS exposure

Cacti developer reports:

Lack of escaping of color items can lead to XSS exposure.


Discovery 2020-04-16
Entry 2020-05-04
cacti
< 1.2.12

https://sourceforge.net/p/cacti/mailman/message/37000502/
https://github.com/Cacti/cacti/blob/release/1.2.12/CHANGELOG
CVE-2020-7106
ports/246164
e1cb9dc9-daa9-44db-adde-e94d900e2f7f  cacti -- Cross Site Scripting issue

cacti developers report:

The file include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.


Discovery 2017-10-10
Entry 2017-10-19
cacti
< 1.1.26

http://www.securitytracker.com/id/1039569
https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd
https://github.com/Cacti/cacti/issues/1010
CVE-2017-15194
e2b564fc-7462-11ea-af63-38d547003487  cacti -- multiple vulnerabilities

The Cacti developers report:

When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813).

Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106).

Remote Code Execution due to input validation failure in Performance Boost Debug Log (CVE-2020-7237).


Discovery 2020-02-04
Entry 2020-04-02
cacti
< 1.2.10

https://github.com/Cacti/cacti/releases/tag/release%2F1.2.10
https://nvd.nist.gov/vuln/detail/CVE-2020-8813
https://nvd.nist.gov/vuln/detail/CVE-2020-7106
https://nvd.nist.gov/vuln/detail/CVE-2020-7237
CVE-2020-8813
CVE-2020-7106
CVE-2020-7237
ports/245198