FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
59c284f4-8d2e-11ed-9ce0-b42e991fc52enet-mgmt/cacti is vulnerable to remote command injection

cacti team reports:

A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.


Discovery 2022-12-05
Entry 2023-01-05
Modified 2023-01-09
cacti
< 1.2.23

CVE-2022-46169
https://nvd.nist.gov/vuln/detail/CVE-2022-46169
cd2dc126-cfe4-11ea-9172-4c72b94353b5Cacti -- multiple vulnerabilities

Cacti developers reports:

Multiple fixes for bundled jQuery to prevent code exec (CVE-2020-11022, CVE-2020-11023).

PHPMail contains a escaping bug (CVE-2020-13625).

SQL Injection via color.php in Cacti (CVE-2020-14295).


Discovery 2020-07-15
Entry 2020-07-27
cacti
< 1.2.13

https://www.cacti.net/release_notes.php?version=1.2.13
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295
CVE-2020-11022
CVE-2020-11023
CVE-2020-13625
CVE-2020-14295
cd864f1a-8e5a-11ea-b5b4-641c67a117d8cacti -- XSS exposure

Cacti developer reports:

Lack of escaping of color items can lead to XSS exposure.


Discovery 2020-04-16
Entry 2020-05-04
cacti
< 1.2.12

https://sourceforge.net/p/cacti/mailman/message/37000502/
https://github.com/Cacti/cacti/blob/release/1.2.12/CHANGELOG
CVE-2020-7106
ports/246164
e4cd0b38-c9f9-11eb-87e1-08002750c711cacti -- SQL Injection was possible due to incorrect validation order

Cati team reports:

Due to a lack of validation, data_debug.php can be the source of a SQL injection.


Discovery 2020-12-24
Entry 2021-06-10
Modified 2021-06-24
cacti
ge 1.2 lt 1.2.17

CVE-2020-35701
https://github.com/Cacti/cacti/issues/4022