This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
09910d76-4c82-11df-83fb-0015587e2cc1 | fetchmail -- denial of service vulnerability Fetchmail developer Matthias Andree reported a vulnerability that allows remote attackers to crash the application when it is run in verbose mode. Discovery 2010-04-18 Entry 2010-04-20 fetchmail ge 4.6.3 le 6.3.16 CVE-2010-1167 ports/145857 http://gitorious.org/fetchmail/fetchmail/commit/ec06293 http://seclists.org/oss-sec/2010/q2/76 |
168190df-3e9a-11dd-87bc-000ea69a5213 | fetchmail -- potential crash in -v -v verbose mode Matthias Andree reports: Discovery 2008-06-13 Entry 2008-06-20 fetchmail < 6.3.8_6 CVE-2008-2711 http://www.fetchmail.info/fetchmail-SA-2008-01.txt |
18ce9a90-f269-11e1-be53-080027ef73ec | fetchmail -- chosen plaintext attack against SSL CBC initialization vectors Matthias Andree reports: Discovery 2012-01-19 Entry 2012-08-30 fetchmail ge 6.3.9 lt 6.3.22 CVE-2011-3389 |
1d6410e8-06c1-11ec-a35d-03ca114d16d6 | fetchmail -- STARTTLS bypass vulnerabilities Problem: Discovery 2021-08-10 Entry 2021-08-26 fetchmail < 6.4.22.r1 CVE-2021-39272 https://www.fetchmail.info/fetchmail-SA-2021-02.txt |
1e8e63c0-478a-11dd-a88d-000ea69a5213 | fetchmail -- potential crash in -v -v verbose mode (revised patch) Matthias Andree reports: Discovery 2008-06-24 Entry 2008-07-01 fetchmail < 6.3.8_7 CVE-2008-2711 http://www.fetchmail.info/fetchmail-SA-2008-01.txt |
2a6a966f-1774-11df-b5c1-0026189baca3 | fetchmail -- heap overflow on verbose X.509 display Matthias Andree reports: Discovery 2010-02-04 Entry 2010-02-12 fetchmail ge 6.3.11 lt 6.3.14 38088 CVE-2010-0562 http://www.fetchmail.info/fetchmail-SA-2010-01.txt https://lists.berlios.de/pipermail/fetchmail-announce/2010-February/000073.html |
3497d7be-2fef-45f4-8162-9063751b573a | fetchmail -- remote root/code injection from malicious POP3 server fetchmail's POP3/UIDL code does not truncate received UIDs properly. A malicious or compromised POP3 server can thus corrupt fetchmail's stack and inject code when fetchmail is using UIDL, either through configuration, or as a result of certain server capabilities. Note that fetchmail is run as root on some sites, so an attack might compromise the root account and thus the whole machine. Discovery 2005-07-20 Entry 2005-07-20 Modified 2005-07-21 fetchmail < 6.2.5.1 CVE-2005-2335 ports/83805 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212762 http://www.fetchmail.info/fetchmail-SA-2005-01.txt |
37e30313-9d8c-11db-858b-0060084a00e5 | fetchmail -- crashes when refusing a message bound for an MDA Matthias Andree reports: Discovery 2007-01-04 Entry 2007-01-06 fetchmail ge 6.3.5 lt 6.3.6 CVE-2006-5974 http://www.fetchmail.info/fetchmail-SA-2006-03.txt |
3f4ac724-fa8b-11d9-afcf-0060084a00e5 | fetchmail -- denial of service/crash from malicious POP3 server In fetchmail 6.2.5.1, the remote code injection via POP3 UIDL was fixed, but a denial of service attack was introduced: Two possible NULL-pointer dereferences allow a malicious POP3 server to crash fetchmail by responding with UID lines containing only the article number but no UID (in violation of RFC-1939), or a message without Message-ID when no UIDL support is available. Discovery 2005-07-21 Entry 2005-07-22 fetchmail eq 6.2.5.1 http://lists.berlios.de/pipermail/fetchmail-devel/2005-July/000397.html http://www.fetchmail.info/fetchmail-SA-2005-01.txt |
45500f74-5947-11dc-87c1-000e2e5785ad | fetchmail -- denial of service on reject of local warning message Matthias Andree reports: Discovery 2007-07-29 Entry 2007-09-02 fetchmail ge 4.6.8 lt 6.3.8_4 CVE-2007-4565 http://www.fetchmail.info/fetchmail-SA-2007-02.txt |
5179d85c-8683-11de-91b9-0022157515b2 | fetchmail -- improper SSL certificate subject verification Matthias Andree reports: Discovery 2009-08-06 Entry 2009-08-11 Modified 2009-08-13 fetchmail < 6.3.11 CVE-2009-2666 http://www.fetchmail.info/fetchmail-SA-2009-01.txt |
5238ac45-9d8c-11db-858b-0060084a00e5 | fetchmail -- TLS enforcement problem/MITM attack/password exposure Matthias Andree reports: Discovery 2007-01-04 Entry 2007-01-06 fetchmail < 6.3.6 CVE-2006-5867 http://www.fetchmail.info/fetchmail-SA-2006-02.txt |
83f9e943-e664-11e1-a66d-080027ef73ec | fetchmail -- two vulnerabilities in NTLM authentication Matthias Andree reports: Discovery 2012-08-12 Entry 2012-08-14 Modified 2012-08-27 fetchmail ge 5.0.8 lt 6.3.21_1 CVE-2012-3482 |
ac4b9d18-67a9-11d8-80e3-0020ed76ef5a | fetchmail -- denial-of-service vulnerability Dave Jones discovered a denial-of-service vulnerability in fetchmail. An email message containing a very long line could cause fetchmail to segfault due to missing NUL termination in transact.c. Eric Raymond decided not to mention this issue in the release notes for fetchmail 6.2.5, but it was fixed there. Discovery 2003-10-16 Entry 2004-02-25 Modified 2012-09-04 fetchmail < 6.2.5 CVE-2003-0792 8843 http://xforce.iss.net/xforce/xfdb/13450 http://www.openbsd.org/cgi-bin/cvsweb/ports/mail/fetchmail/patches/Attic/patch-rfc822_c?rev=1.1 |
af0296be-2455-11d8-82e5-0020ed76ef5a | fetchmail -- address parsing vulnerability Fetchmail can be crashed by a malicious email message. Discovery 2003-10-25 Entry 2003-10-25 Modified 2012-09-04 fetchmail le 6.2.0 http://security.e-matters.de/advisories/052002.html |
baf74e0b-497a-11da-a4f4-0060084a00e5 | fetchmail -- fetchmailconf local password exposure The fetchmail team reports: Discovery 2005-10-21 Entry 2005-10-30 fetchmail < 6.2.5.2_1 CVE-2005-3088 http://www.fetchmail.info/fetchmail-SA-2005-02.txt |
cbfd1874-efea-11eb-8fe9-036bd763ff35 | fetchmail -- 6.4.19 and older denial of service or information disclosure Matthias Andree reports: Discovery 2021-07-07 Entry 2021-07-28 Modified 2021-08-03 fetchmail < 6.3.9 ge 6.3.17 lt 6.4.20 CVE-2021-36386 CVE-2008-2711 https://sourceforge.net/p/fetchmail/mailman/message/37327392/ |
f11d3b22-88c6-11da-a7b2-0060084a00e5 | fetchmail -- crash when bouncing a message Matthias Andree reports: Discovery 2006-01-22 Entry 2006-01-23 fetchmail ge 6.3.0 lt 6.3.2 CVE-2006-0321 http://www.fetchmail.info/fetchmail-SA-2006-01.txt http://bugs.debian.org/348747 |
f1c4d133-e6d3-11db-99ea-0060084a00e5 | fetchmail -- insecure APOP authentication Matthias Andree reports: Discovery 2007-04-06 Entry 2007-04-09 fetchmail < 6.3.8 CVE-2007-1558 http://www.fetchmail.info/fetchmail-SA-2007-01.txt |
f7d838f2-9039-11e0-a051-080027ef73ec | fetchmail -- STARTTLS denial of service Matthias Andree reports: Discovery 2011-04-28 Entry 2011-06-06 fetchmail < 6.3.20 CVE-2011-1947 http://www.fetchmail.info/fetchmail-SA-2011-01.txt https://gitorious.org/fetchmail/fetchmail/commit/7dc67b8cf06f74aa57525279940e180c99701314 |
f7eb0b23-7099-11da-a15c-0060084a00e5 | fetchmail -- null pointer dereference in multidrop mode with headerless email The fetchmail team reports: Discovery 2005-12-19 Entry 2005-12-19 fetchmail < 6.3.1 CVE-2005-4348 http://www.fetchmail.info/fetchmail-SA-2005-03.txt http://article.gmane.org/gmane.mail.fetchmail.user/7573 http://bugs.debian.org/343836 |