FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1edae47e-1cdd-11ea-8c2a-08002743b791samba -- multiple vulnerabilities

The Samba Team reports:

CVE-2019-14861:

An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name.

CVE-2019-14870:

The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC.


Discovery 2019-12-10
Entry 2019-12-12
samba48
ge 4.8.0

samba410
lt 4.10.11

samba411
lt 4.11.3

https://www.samba.org/samba/history/samba-4.10.11.html
CVE-2019-14861
CVE-2019-14870
50a1bbc9-fb80-11e9-9e70-005056a311d1samba -- multiple vulnerabilities

The samba project reports:

Malicious servers can cause Samba client code to return filenames containing path separators to calling code.

When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string.

Users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax.


Discovery 2019-09-29
Entry 2019-10-29
samba48
le 4.8.12

samba410
lt 4.10.10

samba411
lt 4.11.2

https://www.samba.org/samba/security/CVE-2019-10218.html
CVE-2019-10218
https://www.samba.org/samba/security/CVE-2019-14833.html
CVE-2019-14833
https://www.samba.org/samba/security/CVE-2019-14847.html
CVE-2019-14847