This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
06ed6a49-bad4-11ec-9cfe-0800270512f4 | Ruby -- Buffer overrun in String-to-Float conversion piao reports:
Discovery 2022-04-12 Entry 2022-04-13 ruby ge 2.7.0,1 lt 2.7.6,1 ge 3.0.0,1 lt 3.0.4,1 ge 3.1.0,1 lt 3.1.2,1 ge 3.2.0.p1,1 lt 3.2.0.p1_1,1 ruby27 ge 2.7.0,1 lt 2.7.6,1 ruby30 ge 3.0.0,1 lt 3.0.4,1 ruby31 ge 3.1.0,1 lt 3.1.2,1 ruby32 ge 3.2.0.p1,1 lt 3.2.0.p1_1,1 CVE-2022-28739 https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/ |
2c6af5c3-4d36-11ec-a539-0800270512f4 | rubygem-cgi -- buffer overrun in CGI.escape_html chamal reports:
Discovery 2021-11-24 Entry 2021-11-24 ruby ge 2.7.0,1 lt 2.7.5,1 ge 3.0.0,1 lt 3.0.3,1 ruby27 ge 2.7.0,1 lt 2.7.5,1 ruby30 ge 3.0.0,1 lt 3.0.3,1 rubygem-cgi < 0.3.1 CVE-2021-41816 https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/ |
4548ec97-4d38-11ec-a539-0800270512f4 | rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse ooooooo_q reports:
Discovery 2021-11-24 Entry 2021-11-24 ruby ge 2.6.0,1 lt 2.6.9,1 ge 2.7.0,1 lt 2.7.5,1 ge 3.0.0,1 lt 3.0.3,1 ruby26 ge 2.6.0,1 lt 2.6.9,1 ruby27 ge 2.7.0,1 lt 2.7.5,1 ruby30 ge 3.0.0,1 lt 3.0.3,1 rubygem-cgi < 0.3.1 CVE-2021-41819 https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/ |
6916ea94-4628-11ec-bbe2-0800270512f4 | rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods Stanislav Valkanov reports:
Discovery 2021-11-15 Entry 2021-11-15 Modified 2021-11-24 ruby ge 2.6.0,1 lt 2.6.9,1 ge 2.7.0,1 lt 2.7.5,1 ge 3.0.0,1 lt 3.0.3,1 ruby26 ge 2.6.0,1 lt 2.6.9,1 ruby27 ge 2.7.0,1 lt 2.7.5,1 ruby30 ge 3.0.0,1 lt 3.0.3,1 rubygem-date < 3.2.1 CVE-2021-41817 https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/ |
6bd2773c-cf1a-11ed-bd44-080027f5fec9 | rubygem-time -- ReDoS vulnerability ooooooo_q reports:
Discovery 2023-03-30 Entry 2023-03-30 ruby ge 2.7.0,1 lt 2.7.8,1 ge 3.0.0,1 lt 3.0.6,1 ge 3.1.0,1 lt 3.1.4,1 ge 3.2.0.p1,1 lt 3.2.2,1 ruby27 ge 2.7.0,1 lt 2.7.8,1 ruby30 ge 3.0.0,1 lt 3.0.6,1 ruby31 ge 3.1.0,1 lt 3.1.4,1 ruby32 ge 3.2.0.p1,1 lt 3.2.2,1 rubygem-time < 0.2.2 CVE-2023-28756 https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ |
84ab03b6-6c20-11ed-b519-080027f5fec9 | rubygem-cgi -- HTTP response splitting vulnerability Hiroshi Tokumaru reports:
Discovery 2022-11-22 Entry 2022-11-24 rubygem-cgi < 0.3.4 ruby ge 2.7.0,1 lt 2.7.7,1 ge 3.0.0,1 lt 3.0.5,1 ge 3.1.0,1 lt 3.1.3,1 ge 3.2.0.p1,1 lt 3.2.0.r1,1 ruby27 ge 2.7.0,1 lt 2.7.7,1 ruby30 ge 3.0.0,1 lt 3.0.5,1 ruby31 ge 3.1.0,1 lt 3.1.3,1 ruby32 ge 3.2.0.p1,1 lt 3.2.0.r1,1 CVE-2021-33621 https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/ |
9b60bba1-cf18-11ed-bd44-080027f5fec9 | rubygem-uri -- ReDoS vulnerability Dominic Couture reports:
Discovery 2023-03-28 Entry 2023-03-30 ruby ge 2.7.0,1 lt 2.7.8,1 ge 3.0.0,1 lt 3.0.6,1 ge 3.1.0,1 lt 3.1.4,1 ge 3.2.0.p1,1 lt 3.2.2,1 ruby27 ge 2.7.0,1 lt 2.7.8,1 ruby30 ge 3.0.0,1 lt 3.0.6,1 ruby31 ge 3.1.0,1 lt 3.1.4,1 ruby32 ge 3.2.0.p1,1 lt 3.2.2,1 rubygem-uri < 0.12.1 CVE-2023-28755 https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ |