FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
0c14dfa7-879e-11e1-a2a0-00500802d8f7	nginx -- Buffer overflow in the ngx_http_mp4_module The nginx project reports: Buffer overflow in the ngx_http_mp4_module Discovery 2012-04-12 Entry 2012-04-16 nginx < 1.0.15 nginx-devel < 1.1.19 CVE-2012-2089 http://nginx.org/en/security_advisories.html
87679fcb-be60-11e9-9051-4c72b94353b5	NGINX -- Multiple vulnerabilities NGINX Team reports: Several security issues were identified in nginx HTTP/2 implementation which might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the http2 option of the listen directive is used in a configuration file. Discovery 2019-08-13 Entry 2019-08-14 Modified 2019-08-14 nginx < 1.16.1,2 nginx-devel < 1.17.3 http://nginx.org/en/security_advisories.html CVE-2019-9511 CVE-2019-9513 CVE-2019-9516
c1202de8-4b29-11ea-9673-4c72b94353b5	NGINX -- HTTP request smuggling NGINX Team reports: NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. Discovery 2019-12-10 Entry 2020-02-09 nginx < 1.16.1_11,2 nginx-devel < 1.17.7 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372 CVE-2019-20372
29194cb8-6e9f-11e1-8376-f0def16c5c1b	nginx -- potential information leak nginx development team reports: Matthew Daley recently discovered a security problem which may lead to a disclosure of previously freed memory on specially crafted response from an upstream server, potentially resulting in sensitive information leak. Discovery 2012-03-15 Entry 2012-03-15 nginx < 1.0.14,1 nginx-devel < 1.1.17 http://nginx.net/CHANGES
c1c18ee1-c711-11e5-96d6-14dae9d210b8	nginx -- multiple vulnerabilities Maxim Dounin reports: Several problems in nginx resolver were identified, which might allow an attacker to cause worker process crash, or might have potential other impact if the "resolver" directive is used in a configuration file. Discovery 2016-01-26 Entry 2016-01-30 nginx < 1.8.1,2 nginx-devel < 1.9.10 http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html CVE-2016-0742 CVE-2016-0746 CVE-2016-0747
84ca56be-e1de-11e8-bcfd-00e04c1ea73d	NGINX -- Multiple vulnerabilities NGINX Team reports: Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the "http2" option of the "listen" directive is used in a configuration file. A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory isclosure by using a specially crafted mp4 file (CVE-2018-16845). The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the "mp4" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. Discovery 2018-11-06 Entry 2018-11-06 nginx < 1.14.1 nginx-devel < 1.15.6 http://nginx.org/en/security_advisories.html CVE-2018-16843 CVE-2018-16844 CVE-2018-16845
fc28df92-b233-11e3-99ca-f0def16c5c1b	nginx -- SPDY heap buffer overflow The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution (CVE-2014-0133). The problem affects nginx 1.3.15 - 1.5.11, compiled with the ngx_http_spdy_module module (which is not compiled by default) and without --with-debug configure option, if the "spdy" option of the "listen" directive is used in a configuration file. The problem is fixed in nginx 1.5.12, 1.4.7. Discovery 2014-03-18 Entry 2014-03-23 nginx < 1.4.7 CVE-2014-0133 http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html
152b27f0-a158-11de-990c-e5b1d4c882e0	nginx -- remote denial of service vulnerability nginx development team reports: A segmentation fault might occur in worker process while specially crafted request handling. Discovery 2009-09-14 Entry 2009-09-14 Modified 2009-09-15 nginx < 0.7.62 nginx-devel < 0.8.15 CVE-2009-2629 http://nginx.net/CHANGES http://lists.debian.org/debian-security-announce/2009/msg00205.html
0882f019-bd60-11eb-9bdd-8c164567ca3c	NGINX -- 1-byte memory overwrite in resolver NGINX team reports: 1-byte memory overwrite might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash or, potentially, arbitrary code execution. Discovery 2021-05-25 Entry 2021-05-25 nginx < 1.20.1,2 nginx-devel < 1.21.0 CVE-2021-23017 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017