FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6 | ejabberd -- remote denial of service vulnerability

It's reported in the CVE advisory that:

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.


Discovery: 2011-04-27
Entry: 2011-06-24
ejabberd < 2.1.7

CVE-2011-1753
http://www.ejabberd.im/ejabberd-2.1.7
a04a3c13-4932-11df-83fb-0015587e2cc1 | ejabberd -- queue overload denial of service vulnerability

The Red Hat security response team reports:

A remotely exploitable DoS from XMPP client to ejabberd server via too many "client2server" messages (causing the message queue on the server to get overloaded, leading to server crash) has been found.


Discovery: 2010-01-29
Entry: 2010-04-19
ejabberd < 2.1.3

38003
CVE-2010-0305
http://secunia.com/advisories/38337
http://support.process-one.net/browse/EJAB-1173
http://www.openwall.com/lists/oss-security/2010/01/29/1
http://xforce.iss.net/xforce/xfdb/56025
cf91c1e4-2b6d-11de-931b-00e0815b8da8 | ejabberd -- cross-site scripting vulnerability

SecurityFocus reports:

The ejabberd application is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.


Discovery: 2009-03-16
Entry: 2009-04-17
ejabberd < 2.0.4

34133
CVE-2009-0934