FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
0c592c4a-1bcc-11d9-a3ec-00061bd2d56f  cyrus-sasl -- potential buffer overflow in DIGEST-MD5 plugin

The Cyrus SASL DIGEST-MD5 plugin contains a potential buffer overflow when quoting is required in the output.


Discovery 2004-07-06
Entry 2004-10-12
cyrus-sasl
ge 2.* lt 2.1.19

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c#rev1.171
14ab174c-40ef-11de-9fd5-001bd3385381  cyrus-sasl -- buffer overflow vulnerability

US-CERT reports:

The sasl_encode64() function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the sasl_encode64() function.


Discovery 2009-04-08
Entry 2009-05-15
cyrus-sasl
< 2.1.23

CVE-2009-0688
http://www.kb.cert.org/vuls/id/238019
408f6ebf-d152-11da-962f-000b972eb521  cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service

Unspecified vulnerability in the CMU Cyrus Simple Authentication and Security Layer (SASL) library has unknown impact and remote unauthenticated attack vectors, related to DIGEST-MD5 negotiation.


Discovery 2006-04-11
Entry 2006-04-22
cyrus-sasl
ge 2.* lt 2.1.21

CVE-2006-1721
92268205-1947-11d9-bc4a-000c41e2cdad  cyrus-sasl -- dynamic library loading and set-user-ID applications

The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASL_PATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application (such as chsh) utilizes libsasl, it may be possible for a local attacker to gain superuser privileges.


Discovery 2004-09-22
Entry 2004-10-08
cyrus-sasl
le 1.5.28_3

ge 2.* le 2.1.19

CVE-2004-0884
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c#rev1.104