FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
83b38a2c-413e-11e5-bfcf-6805ca0b3d42    RT -- two XSS vulnerabilities

Best Practical reports:

RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopec at Data Reliance Shared Service Center.

RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface. This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected.


Discovery 2015-08-12
Entry 2015-08-12
Modified 2015-08-18
rt42
ge 4.2.0 lt 4.2.12

rt40
ge 4.0.0 lt 4.0.24

CVE-2015-5475
CVE-2015-6506
http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html
7a92e958-5207-11e7-8d7c-6805ca0b3d42    rt and dependent modules -- multiple security vulnerabilities

Best Practical reports:

Please reference CVE/URL list for details


Discovery 2017-06-15
Entry 2017-06-15
rt42
ge 4.2.0 lt 4.2.13_1

rt44
ge 4.4.0 lt 4.4.1_1

p5-RT-Authen-ExternalAuth
ge 0.9 lt 0.27

http://lists.bestpractical.com/pipermail/rt-announce/2017-June/000297.html
CVE-2015-7686
CVE-2016-6127
CVE-2017-5361
CVE-2017-5943
CVE-2017-5944
416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42    rt -- XSS via jQuery

Best Practical reports:

The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting (XSS) vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longer receives official updates, however a fix was posted with recommendations for applications to patch locally, so RT will follow this recommendation and ship with a patched version.


Discovery 2019-03-05
Entry 2019-03-06
rt42
ge 4.2.0 lt 4.2.16

rt44
ge 4.4.0 lt 4.4.4

https://docs.bestpractical.com/release-notes/rt/4.4.4
https://docs.bestpractical.com/release-notes/rt/4.2.16
CVE-2015-9251