FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
e2b564fc-7462-11ea-af63-38d547003487 | cacti -- multiple vulnerabilities

The Cacti developers report:

When guest users have access to realtime graphs, remote code could be executed (CVE-2020-8813).

Lack of escaping on some pages can lead to XSS exposure (CVE-2020-7106).

Remote Code Execution due to input validation failure in Performance Boost Debug Log (CVE-2020-7237).


Discovery 2020-02-04
Entry 2020-04-02
cacti
< 1.2.10

https://github.com/Cacti/cacti/releases/tag/release%2F1.2.10
https://nvd.nist.gov/vuln/detail/CVE-2020-8813
https://nvd.nist.gov/vuln/detail/CVE-2020-7106
https://nvd.nist.gov/vuln/detail/CVE-2020-7237
CVE-2020-8813
CVE-2020-7106
CVE-2020-7237
ports/245198
e4cd0b38-c9f9-11eb-87e1-08002750c711 | cacti -- SQL Injection was possible due to incorrect validation order

Cacti team reports:

Due to a lack of validation, data_debug.php can be the source of a SQL injection.


Discovery 2020-12-24
Entry 2021-06-10
Modified 2021-06-24
cacti
>= 1.2, < 1.2.17

CVE-2020-35701
https://github.com/Cacti/cacti/issues/4022
86224a04-26de-11ea-97f2-001a8c5c04b6 | cacti -- multiple vulnerabilities

The Cacti developers report:

When viewing graphs, some input variables are not properly checked (SQL injection possible).

Multiple instances of lib/functions.php are affected by unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.


Discovery 2019-10-12
Entry 2020-01-06
cacti
< 1.2.8

https://github.com/Cacti/cacti/releases/tag/release%2F1.2.8
CVE-2019-17357
CVE-2019-17358
ports/242834
ed18aa92-e4f4-11e9-b6fa-3085a9a95629 | cacti -- Authenticated users may bypass authorization checks

The Cacti developers report:

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.


Discovery 2019-09-23
Entry 2019-10-02
cacti
< 1.2.7

CVE-2019-16723
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.7
cd2dc126-cfe4-11ea-9172-4c72b94353b5 | Cacti -- multiple vulnerabilities

Cacti developers report:

Multiple fixes for bundled jQuery to prevent code exec (CVE-2020-11022, CVE-2020-11023).

PHPMail contains an escaping bug (CVE-2020-13625).

SQL Injection via color.php in Cacti (CVE-2020-14295).


Discovery 2020-07-15
Entry 2020-07-27
cacti
< 1.2.13

https://www.cacti.net/release_notes.php?version=1.2.13
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295
CVE-2020-11022
CVE-2020-11023
CVE-2020-13625
CVE-2020-14295
59c284f4-8d2e-11ed-9ce0-b42e991fc52e | net-mgmt/cacti is vulnerable to remote command injection

Cacti team reports:

A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.


Discovery 2022-12-05
Entry 2023-01-05
Modified 2023-01-09
cacti
< 1.2.23

CVE-2022-46169
https://nvd.nist.gov/vuln/detail/CVE-2022-46169
cd864f1a-8e5a-11ea-b5b4-641c67a117d8 | cacti -- XSS exposure

Cacti developer reports:

Lack of escaping of color items can lead to XSS exposure.


Discovery 2020-04-16
Entry 2020-05-04
cacti
< 1.2.12

https://sourceforge.net/p/cacti/mailman/message/37000502/
https://github.com/Cacti/cacti/blob/release/1.2.12/CHANGELOG
CVE-2020-7106
ports/246164