This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
ed688880-00c4-11ef-92b7-589cfc023192 | GLPI -- multiple vulnerabilities GLPI team reports:
Discovery 2023-12-13 Entry 2024-04-22 glpi < 10.0.11,1 CVE-2023-43813 CVE-2023-46727 CVE-2023-46726 https://github.com/glpi-project/glpi/releases/tag/10.0.11 |
7f163c81-3b12-11eb-af2a-080027dbe4b7 | glpi -- SQL injection for all usages of "Clone" feature MITRE Corporation reports:
Discovery 2020-06-25 Entry 2020-06-25 Modified 2024-04-25 glpi ge 9.5.0,1 lt 9.5.1,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v https://github.com/glpi-project/glpi/commit/a4baa64114eb92fd2adf6056a36e0582324414ba https://github.com/glpi-project/glpi/pull/6684 CVE-2020-15108 |
675e5098-3b15-11eb-af2a-080027dbe4b7 | glpi -- Unauthenticated File Deletion MITRE Corporation reports:
Discovery 2020-06-25 Entry 2020-06-25 Modified 2024-04-25 glpi < 9.5.2,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-rm52-jx9h-rwcp https://github.com/glpi-project/glpi/commit/6ca9a0e77299a755c356d758344a23278df67f65 CVE-2020-15175 |
bb49f1fa-00da-11ef-92b7-589cfc023192 | GLPI -- multiple vulnerabilities GLPI team reports:
Discovery 2024-03-13 Entry 2024-04-22 glpi < 10.0.13,1 CVE-2024-27096 CVE-2024-27098 CVE-2024-27104 CVE-2024-27914 CVE-2024-27930 CVE-2024-27937 https://github.com/glpi-project/glpi/releases/tag/10.0.13 |
09eef008-3b16-11eb-af2a-080027dbe4b7 | glpi -- Unauthenticated Stored XSS MITRE Corporation reports:
Discovery 2020-06-25 Entry 2020-06-25 Modified 2024-04-25 glpi < 9.5.2,1 https://github.com/glpi-project/glpi/commit/a8109d4ee970a222faf48cf48fae2d2f06465796 https://github.com/glpi-project/glpi/security/advisories/GHSA-prvh-9m4h-4m79 CVE-2020-15177 |
68958e18-ed94-11ed-9688-b42e991fc52e | glpi -- multiple vulnerabilities glpi Project reports:
Discovery 2023-03-20 Entry 2023-05-08 Modified 2024-04-25 glpi < 10.0.7,1 CVE-2023-28849 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28849 CVE-2023-28632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28632 CVE-2023-28838 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28838 CVE-2023-28852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28852 CVE-2023-28636 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28636 CVE-2023-28639 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28639 CVE-2023-28634 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28634 |
d3f60db0-3aea-11eb-af2a-080027dbe4b7 | glpi -- Account takeover vulnerability MITRE Corporation reports:
Discovery 2019-08-05 Entry 2019-08-05 Modified 2024-04-25 glpi < 9.4.4,1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14666 https://github.com/glpi-project/glpi/security/advisories/GHSA-47hq-pfrr-jh5q https://www.tarlogic.com/advisories/Tarlogic-2019-GPLI-Account-Takeover.txt CVE-2019-14666 |
d222241d-91cc-11ea-82b8-4c72b94353b5 | glpi -- stored XSS MITRE Corporation reports:
Discovery 2019-02-25 Entry 2020-05-09 Modified 2024-04-25 glpi < 9.4.3,1 https://github.com/glpi-project/glpi/commit/c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb https://www.synacktiv.com/ressources/advisories/GLPI_9.4.0_stored_XSS.pdf https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13239 CVE-2019-13239 |
6a467439-3b38-11eb-af2a-080027dbe4b7 | glpi -- Any CalDAV calendars is read-only for every authenticated user MITRE Corporation reports:
Discovery 2020-10-01 Entry 2020-10-01 Modified 2024-04-25 glpi ge 9.5.0,1 lt 9.5.3,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-qmw3-87hr-5wgx https://github.com/glpi-project/glpi/commit/527280358ec78988ac57e9809d2eb21fcd74caf7 https://github.com/glpi-project/glpi/releases/tag/9.5.3 CVE-2020-26212 |
09eef008-3b16-11eb-af2a-080027dbe4b7 | glpi -- Unauthenticated Stored XSS MITRE Corporation reports:
Discovery 2020-06-25 Entry 2020-06-25 Modified 2024-04-25 glpi < 9.5.2,1 https://github.com/glpi-project/glpi/commit/a8109d4ee970a222faf48cf48fae2d2f06465796 https://github.com/glpi-project/glpi/security/advisories/GHSA-prvh-9m4h-4m79 CVE-2020-15177 |
faccf131-00d9-11ef-92b7-589cfc023192 | GLPI -- multiple vulnerabilities GLPI team reports:
Discovery 2024-02-01 Entry 2024-04-22 glpi < 10.0.12,1 CVE-2024-23645 CVE-2023-51446 https://github.com/glpi-project/glpi/releases/tag/10.0.12 |
b64edef7-3b10-11eb-af2a-080027dbe4b7 | glpi -- weak csrf tokens MITRE Corporation reports:
Discovery 2020-03-30 Entry 2020-03-30 Modified 2024-04-25 glpi ge 0.83.3,1 lt 9.4.6,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/ CVE-2020-11035 |
aec9cbe0-3b0f-11eb-af2a-080027dbe4b7 | glpi -- able to read any token through API user endpoint MITRE Corporation reports:
Discovery 2020-03-30 Entry 2020-03-30 Modified 2024-04-25 glpi ge 9.1,1 lt 9.4.6,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/ CVE-2020-11033 |
695b2310-3b3a-11eb-af2a-080027dbe4b7 | glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php MITRE Corporation reports:
Discovery 2020-10-22 Entry 2020-10-22 Modified 2024-04-25 glpi < 9.5.3,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-pqfv-4pvr-55r4 CVE-2020-27663 |
b3aae7ea-3aef-11eb-af2a-080027dbe4b7 | glpi -- SQL injection for all helpdesk instances MITRE Corporation reports:
Discovery 2020-03-30 Entry 2020-03-30 Modified 2024-04-25 glpi < 9.4.6,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh CVE-2020-11032 |
b7abdb0f-3b15-11eb-af2a-080027dbe4b7 | glpi -- Multiple SQL Injections Stemming From isNameQuoted() MITRE Corporation reports:
Discovery 2020-06-25 Entry 2020-06-25 Modified 2024-04-25 glpi < 9.5.2,1 https://github.com/glpi-project/glpi/commit/f021f1f365b4acea5066d3e57c6d22658cf32575 https://github.com/glpi-project/glpi/security/advisories/GHSA-x93w-64x9-58qw CVE-2020-15176 |
832fd11b-3b11-11eb-af2a-080027dbe4b7 | glpi -- Remote Code Execution (RCE) via the backup functionality MITRE Corporation reports:
Discovery 2020-03-30 Entry 2020-03-30 Modified 2024-04-25 glpi < 9.4.6,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c CVE-2020-11060 |
190176ce-3b3a-11eb-af2a-080027dbe4b7 | glpi -- Insecure Direct Object Reference on ajax/comments.ph MITRE Corporation reports:
Discovery 2020-10-22 Entry 2020-10-22 Modified 2024-04-25 glpi < 9.5.3,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-wq38-gwxp-8p5p CVE-2020-27662 |
27a230a2-3b11-11eb-af2a-080027dbe4b7 | glpi -- multiple related stored XSS vulnerabilities MITRE Corporation reports:
Discovery 2020-03-30 Entry 2020-03-30 Modified 2024-04-25 glpi < 9.4.6,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-3g3h-rwhr-7385 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/ CVE-2020-11036 |
07aecafa-3b12-11eb-af2a-080027dbe4b7 | glpi -- Reflexive XSS in Dropdown menus MITRE Corporation reports:
Discovery 2020-03-30 Entry 2020-03-30 Modified 2024-04-25 glpi < 9.4.6,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf CVE-2020-11062 |
07aecafa-3b12-11eb-af2a-080027dbe4b7 | glpi -- Reflexive XSS in Dropdown menus MITRE Corporation reports:
Discovery 2020-03-30 Entry 2020-03-30 Modified 2024-04-25 glpi < 9.4.6,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf CVE-2020-11062 |
b7abdb0f-3b15-11eb-af2a-080027dbe4b7 | glpi -- Multiple SQL Injections Stemming From isNameQuoted() MITRE Corporation reports:
Discovery 2020-06-25 Entry 2020-06-25 Modified 2024-04-25 glpi < 9.5.2,1 https://github.com/glpi-project/glpi/commit/f021f1f365b4acea5066d3e57c6d22658cf32575 https://github.com/glpi-project/glpi/security/advisories/GHSA-x93w-64x9-58qw CVE-2020-15176 |
b3695b08-3b3a-11eb-af2a-080027dbe4b7 | glpi -- Public GLPIKEY can be used to decrypt any data MITRE Corporation reports:
Discovery 2020-01-02 Entry 2020-01-02 Modified 2024-04-25 glpi < 9.4.6,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-j222-j9mf-h6j9 https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c CVE-2020-5248 |
3a63f478-3b10-11eb-af2a-080027dbe4b7 | glpi -- bypass of the open redirect protection MITRE Corporation reports:
Discovery 2020-03-30 Entry 2020-03-30 Modified 2024-04-25 glpi < 9.4.6,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/ CVE-2020-11034 |
0309c898-3aed-11eb-af2a-080027dbe4b7 | glpi -- Improve encryption algorithm MITRE Corporation reports:
Discovery 2020-03-30 Entry 2020-03-30 Modified 2024-04-25 glpi < 9.5.0,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-7xwm-4vjr-jvqh https://github.com/glpi-project/glpi/commit/f1ae6c8481e5c19a6f1801a5548cada45702e01a#diff-b5d0ee8c97c7abd7e3fa29b9a27d1780 https://github.com/glpi-project/glpi/commit/f1ae6c8481e5c19a6f1801a5548cada45702e01a#diff-b5d0ee8c97c7abd7e3fa29b9a27d1780 CVE-2020-11031 |
0ba61fcc-3b38-11eb-af2a-080027dbe4b7 | glpi -- SQL Injection in Search API MITRE Corporation reports:
Discovery 2020-06-25 Entry 2020-06-25 Modified 2024-04-25 glpi ge 9.1,1 lt 9.5.2,1 https://github.com/glpi-project/glpi/commit/3dc4475c56b241ad659cc5c7cb5fb65727409cf0 https://github.com/glpi-project/glpi/security/advisories/GHSA-jwpv-7m4h-5gvc CVE-2020-15226 |
5acd95db-3b16-11eb-af2a-080027dbe4b7 | glpi -- leakage issue with knowledge base MITRE Corporation reports:
Discovery 2020-06-25 Entry 2020-06-25 Modified 2024-04-25 glpi ge 9.5.0,1 lt 9.5.2,1 https://github.com/glpi-project/glpi/commit/39e25591efddc560e3679ab07e443ee6198705e2 https://github.com/glpi-project/glpi/security/advisories/GHSA-x9hg-j29f-wvvv CVE-2020-15217 |
675e5098-3b15-11eb-af2a-080027dbe4b7 | glpi -- Unauthenticated File Deletion MITRE Corporation reports:
Discovery 2020-06-25 Entry 2020-06-25 Modified 2024-04-25 glpi < 9.5.2,1 https://github.com/glpi-project/glpi/security/advisories/GHSA-rm52-jx9h-rwcp https://github.com/glpi-project/glpi/commit/6ca9a0e77299a755c356d758344a23278df67f65 CVE-2020-15175 |
7c769c89-53c2-11e1-8e52-00163e22ef61 | glpi -- remote attack via crafted POST request The GLPI project reports:
Discovery 2011-07-20 Entry 2012-02-10 Modified 2013-06-19 glpi < 0.80.2 http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en https://forge.indepnet.net/issues/3017 CVE-2011-2720 |