This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-12 06:36:57 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
0b9af110-d529-11e6-ae1b-002590263bf5 | tomcat -- multiple vulnerabilities The Apache Software Foundation reports:
Discovery 2016-11-22 Entry 2017-01-07 Modified 2017-03-18 tomcat < 6.0.48 tomcat7 < 7.0.73 tomcat8 < 8.0.39 CVE-2016-8735 CVE-2016-6816 ports/214599 http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73 http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39 |
cbceeb49-3bc7-11e6-8e82-002590263bf5 | Apache Commons FileUpload -- denial of service (DoS) vulnerability Mark Thomas reports:
Discovery 2016-06-20 Entry 2016-06-26 Modified 2017-08-10 tomcat7 < 7.0.70 tomcat8 < 8.0.36 apache-struts < 2.5.2 CVE-2016-3092 ports/209669 http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-8.html http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E http://jvn.jp/en/jp/JVN89379547/index.html |
676ca486-9c1e-11ea-8b5e-b42e99a1b9c3 | Apache Tomcat Remote Code Execution via session persistence The Apache Software Foundation reports: Under certain circumstances an attacker will be able to trigger remote code execution via deserialization of the file under their control Discovery 2020-05-12 Entry 2020-05-22 tomcat7 < 7.0.104 tomcat85 < 8.5.55 tomcat9 < 9.0.35 tomcat-devel < 10.0.0.M5 http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-8.html http://tomcat.apache.org/security-9.html http://tomcat.apache.org/security-10.html CVE-2020-9484 |
8b571fb2-f311-11eb-b12b-fc4dd43e2b6a | tomcat -- JNDI Realm Authentication Weakness in multiple versions ilja.farber reports:
Discovery 2021-04-08 Entry 2021-08-01 tomcat7 ge 7.0.0 le 7.0.108 tomcat85 ge 8.5.0 le 8.5.65 tomcat9 ge 9.0.0 le 9.0.45 tomcat10 ge 10.0.0 le 10.0.5 CVE-2021-30640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640 |
e5ec2767-d529-11e6-ae1b-002590263bf5 | tomcat -- information disclosure vulnerability The Apache Software Foundation reports:
Discovery 2017-01-05 Entry 2017-01-07 Modified 2017-03-18 tomcat < 6.0.49 tomcat7 < 7.0.74 tomcat8 < 8.0.40 CVE-2016-8745 ports/215865 http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74 http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40 |
6a72eff7-ccd6-11ea-9172-4c72b94353b5 | Apache Tomcat -- Multiple Vulnerabilities The Apache Software Foundation reports: An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. Discovery 2020-07-05 Entry 2020-07-23 Modified 2020-07-23 tomcat7 < 7.0.105 tomcat85 < 8.5.57 tomcat9 < 9.0.37 tomcat-devel < 10.0.0.M7 https://tomcat.apache.org/security-7.html https://tomcat.apache.org/security-8.html https://tomcat.apache.org/security-9.html https://tomcat.apache.org/security-10.html CVE-2020-11996 CVE-2020-13934 CVE-2020-13935 |
3ae106e2-d521-11e6-ae1b-002590263bf5 | tomcat -- multiple vulnerabilities The Apache Software Foundation reports:
Discovery 2016-10-27 Entry 2017-01-07 Modified 2017-03-18 tomcat < 6.0.47 tomcat7 < 7.0.72 tomcat8 < 8.0.37 CVE-2016-6797 CVE-2016-6796 CVE-2016-6794 CVE-2016-5018 CVE-2016-0762 http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72 http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37 |