This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
10f7bc76-0335-4a88-b391-0b05b3a8ce1c | NSS -- MD5 downgrade in TLS 1.2 signatures The Mozilla Project reports:
Discovery 2015-12-22 Entry 2015-12-28 nss linux-c6-nss ge 3.20 lt 3.20.2 < 3.19.2.2 linux-firefox < 43.0.2,1 linux-thunderbird < 38.5.1 linux-seamonkey < 2.40 CVE-2015-7575 https://www.mozilla.org/security/advisories/mfsa2015-150/ https://hg.mozilla.org/projects/nss/rev/94e1157f3fbb |
207f8ff3-f697-11d8-81b0-000347a4fa7d | nss -- exploitable buffer overflow in SSLv2 protocol handler ISS X-Force reports that a remotely exploitable buffer overflow exists in the Netscape Security Services (NSS) library's implementation of SSLv2. From their advisory:
Note that the vulnerable NSS library is also present in Mozilla-based browsers. However, it is not believed that browsers are affected, as the vulnerability is present only in code used by SSLv2 *servers*. Discovery 2004-08-23 Entry 2004-08-27 nss < 3.9.2 http://xforce.iss.net/xforce/alerts/id/180 http://www.osvdb.org/9116 http://secunia.com/advisories/12362 11015 |
32166082-53fa-41fa-b081-207e7a989a0a | NSS -- multiple vulnerabilities Mozilla Foundation reports:
Discovery 2016-06-07 Entry 2016-06-07 Modified 2016-11-23 nss < 3.23 linux-c6-nss linux-c7-nss < 3.21.3 linux-seamonkey < 2.44 CVE-2016-2834 https://www.mozilla.org/security/advisories/mfsa2016-61/ https://hg.mozilla.org/projects/nss/rev/1ba7cd83c672 https://hg.mozilla.org/projects/nss/rev/8d78a5ae260a https://hg.mozilla.org/projects/nss/rev/5fde729fdbff https://hg.mozilla.org/projects/nss/rev/329932eb1700 |
47695a9c-5377-11ec-8be6-d4c9ef517024 | NSS -- Memory corruption The Mozilla project reports:
Discovery 2021-12-01 Entry 2021-12-02 nss < 3.73 CVE-2021-43527 https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/ |
48108fb0-751c-4cbb-8f33-09239ead4b55 | NSS -- RSA Signature Forgery The Mozilla Project reports:
Discovery 2014-09-23 Entry 2014-09-25 linux-firefox < 32.0.3,1 linux-thunderbird < 31.1.2 linux-seamonkey < 2.29.1 nss < 3.17.1 linux-c6-nss < 3.16.1 CVE-2014-1568 https://www.mozilla.org/security/announce/2014/mfsa2014-73.html |
4cb165f0-6e48-423e-8147-92255d35c0f7 | NSS -- multiple vulnerabilities Mozilla Foundation reports:
Discovery 2017-03-17 Entry 2017-04-19 nss linux-f10-nss linux-c6-nss linux-c7-nss ge 3.30 lt 3.30.1 ge 3.29 lt 3.29.5 ge 3.22 lt 3.28.4 < 3.21.4 CVE-2017-5461 CVE-2017-5462 https://hg.mozilla.org/projects/nss/rev/99a86619eac9 https://hg.mozilla.org/projects/nss/rev/e126381a3c29 |
75091516-6f4b-4059-9884-6727023dc366 | NSS -- multiple vulnerabilities Mozilla Foundation reports:
Discovery 2016-01-26 Entry 2016-03-08 nss linux-c6-nss < 3.21 linux-firefox < 44.0,1 linux-seamonkey < 2.41 CVE-2016-1938 CVE-2016-1978 https://www.mozilla.org/security/advisories/mfsa2016-07/ https://www.mozilla.org/security/advisories/mfsa2016-15/ https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a https://hg.mozilla.org/projects/nss/rev/a245a4ccd354 |
7ae61870-9dd2-4884-a2f2-f19bb5784d09 | mozilla -- multiple vulnerabilities The Mozilla Project reports:
Discovery 2014-12-01 Entry 2014-12-02 firefox < 34.0,1 firefox-esr < 31.3.0,1 linux-firefox < 34.0,1 linux-seamonkey < 2.31 linux-thunderbird < 31.3.0 seamonkey < 2.31 thunderbird < 31.3.0 libxul < 31.3.0 nss < 3.17.3 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-1595 CVE-2014-1569 https://www.mozilla.org/security/advisories/mfsa2014-83 https://www.mozilla.org/security/advisories/mfsa2014-84 https://www.mozilla.org/security/advisories/mfsa2014-85 https://www.mozilla.org/security/advisories/mfsa2014-86 https://www.mozilla.org/security/advisories/mfsa2014-87 https://www.mozilla.org/security/advisories/mfsa2014-88 https://www.mozilla.org/security/advisories/mfsa2014-89 https://www.mozilla.org/security/advisories/mfsa2014-90 https://www.mozilla.org/security/advisories/ |
978b0f76-122d-11e4-afe3-bc5ff4fb5e7b | mozilla -- multiple vulnerabilities The Mozilla Project reports:
Discovery 2014-07-22 Entry 2014-07-23 firefox < 31.0,1 firefox-esr < 24.7.0,1 linux-firefox < 31.0,1 linux-thunderbird < 24.7.0 thunderbird < 24.7.0 nss < 3.16.1_2 CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1549 CVE-2014-1550 CVE-2014-1551 CVE-2014-1552 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 CVE-2014-1561 https://www.mozilla.org/security/announce/2014/mfsa2014-56.html https://www.mozilla.org/security/announce/2014/mfsa2014-57.html https://www.mozilla.org/security/announce/2014/mfsa2014-58.html https://www.mozilla.org/security/announce/2014/mfsa2014-59.html https://www.mozilla.org/security/announce/2014/mfsa2014-60.html https://www.mozilla.org/security/announce/2014/mfsa2014-61.html https://www.mozilla.org/security/announce/2014/mfsa2014-62.html https://www.mozilla.org/security/announce/2014/mfsa2014-63.html https://www.mozilla.org/security/announce/2014/mfsa2014-64.html https://www.mozilla.org/security/announce/2014/mfsa2014-65.html https://www.mozilla.org/security/announce/2014/mfsa2014-66.html https://www.mozilla.org/security/announce/ |
9ccfee39-3c3b-11df-9edc-000f20797ede | mozilla -- multiple vulnerabilities Mozilla Project reports:
Discovery 2010-03-30 Entry 2010-03-30 seamonkey gt 2.0 lt 2.0.4 thunderbird ge 3.0 lt 3.0.4 firefox gt 3.5.*,1 lt 3.5.9,1 gt 3.*,1 lt 3.0.19,1 linux-firefox < 3.0.19,1 linux-firefox-devel < 3.5.9 nss linux-f10-nss < 3.12.5 CVE-2010-0181 CVE-2009-3555 CVE-2010-0179 CVE-2010-0178 CVE-2010-0177 CVE-2010-0176 CVE-2010-0175 CVE-2010-0174 CVE-2010-0173 http://www.mozilla.org/security/announce/2010/mfsa2010-24.html http://www.mozilla.org/security/announce/2010/mfsa2010-23.html http://www.mozilla.org/security/announce/2010/mfsa2010-22.html http://www.mozilla.org/security/announce/2010/mfsa2010-21.html http://www.mozilla.org/security/announce/2010/mfsa2010-20.html http://www.mozilla.org/security/announce/2010/mfsa2010-19.html http://www.mozilla.org/security/announce/2010/mfsa2010-18.html http://www.mozilla.org/security/announce/2010/mfsa2010-17.html http://www.mozilla.org/security/announce/2010/mfsa2010-16.html |
9d04936c-75f1-4a2c-9ade-4c1708be5df9 | mozilla -- multiple vulnerabilities The Mozilla Project reports:
Discovery 2015-11-03 Entry 2015-11-19 Modified 2016-04-13 nspr < 4.10.10 linux-c6-nspr < 4.10.10 nss ge 3.20 lt 3.20.1 ge 3.19.3 lt 3.19.4 < 3.19.2.1 firefox < 42.0,1 linux-firefox < 42.0,1 seamonkey < 2.39 linux-seamonkey < 2.39 firefox-esr < 38.4.0,1 libxul < 38.4.0 thunderbird < 38.4.0 linux-thunderbird < 38.4.0 CVE-2015-4513 CVE-2015-4514 CVE-2015-4515 CVE-2015-4518 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7185 CVE-2015-7186 CVE-2015-7187 CVE-2015-7188 CVE-2015-7189 CVE-2015-7190 CVE-2015-7191 CVE-2015-7192 CVE-2015-7193 CVE-2015-7194 CVE-2015-7195 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 https://www.mozilla.org/security/advisories/mfsa2015-116/ https://www.mozilla.org/security/advisories/mfsa2015-117/ https://www.mozilla.org/security/advisories/mfsa2015-118/ https://www.mozilla.org/security/advisories/mfsa2015-119/ https://www.mozilla.org/security/advisories/mfsa2015-120/ https://www.mozilla.org/security/advisories/mfsa2015-121/ https://www.mozilla.org/security/advisories/mfsa2015-122/ https://www.mozilla.org/security/advisories/mfsa2015-123/ https://www.mozilla.org/security/advisories/mfsa2015-124/ https://www.mozilla.org/security/advisories/mfsa2015-125/ https://www.mozilla.org/security/advisories/mfsa2015-126/ https://www.mozilla.org/security/advisories/mfsa2015-127/ https://www.mozilla.org/security/advisories/mfsa2015-128/ https://www.mozilla.org/security/advisories/mfsa2015-129/ https://www.mozilla.org/security/advisories/mfsa2015-130/ https://www.mozilla.org/security/advisories/mfsa2015-131/ https://www.mozilla.org/security/advisories/mfsa2015-132/ https://www.mozilla.org/security/advisories/mfsa2015-133/ |
aa5bc971-d635-11e0-b3cf-080027ef73ec | nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl Heather Adkins, Google's Information Security Manager, reported that Google received
VASCO Data Security International Inc., owner of DigiNotar, issued a press statement confirming this incident:
Mozilla, maintainer of the NSS package, from which FreeBSD derived ca_root_nss, stated that they:
Discovery 2011-07-19 Entry 2011-09-03 Modified 2011-09-06 nss < 3.12.11 ca_root_nss < 3.12.11 firefox gt 3.6.*,1 lt 3.6.22,1 gt 4.0.*,1 lt 6.0.2,1 seamonkey < 2.3.2 linux-firefox < 3.6.22,1 thunderbird gt 3.1.* lt 3.1.14 gt 5.0.* lt 6.0.2 linux-thunderbird < 3.1.14 linux-seamonkey < 2.3.2 http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx http://www.mozilla.org/security/announce/2011/mfsa2011-34.html http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html |
c4292768-5273-4f17-a267-c5fe35125ce4 | NSS -- multiple vulnerabilities Mozilla Foundation reports:
Discovery 2016-03-08 Entry 2016-03-08 Modified 2016-09-05 nss ge 3.20 lt 3.21.1 < 3.19.2.3 linux-c6-nss ge 3.20 lt 3.21.0_1 < 3.19.2.3 linux-firefox < 45.0,1 linux-thunderbird < 38.7.0 linux-seamonkey < 2.42 CVE-2016-1950 CVE-2016-1979 https://www.mozilla.org/security/advisories/mfsa2016-35/ https://www.mozilla.org/security/advisories/mfsa2016-36/ https://hg.mozilla.org/projects/nss/rev/b9a31471759d https://hg.mozilla.org/projects/nss/rev/7033b1193c94 |
e71fd9d3-af47-11e7-a633-009c02a2ab30 | nss -- Use-after-free in TLS 1.2 generating handshake hashes Mozilla reports:
Discovery 2017-08-04 Entry 2017-10-12 Modified 2018-01-29 nss ge 3.32 lt 3.32.1 ge 3.28 lt 3.28.6 linux-c6-nss ge 3.28 lt 3.28.4_2 linux-c7-nss ge 3.28 lt 3.28.4_2 https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805 https://hg.mozilla.org/projects/nss/rev/2d7b65b72290 https://hg.mozilla.org/projects/nss/rev/d3865e2957d0 CVE-2017-7805 |