FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
524bd03a-bb75-11eb-bf35-080027f515ea    libxml2 -- Possible denial of service

Daniel Veillard reports:

A flaw was found in libxml2. Exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.


Discovery 2021-05-18
Entry 2021-05-23
libxml2 < 2.9.10_4

CVE-2021-3541
https://ubuntu.com/security/CVE-2021-3541
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9    libxml -- multiple vulnerabilities

CVE mitre reports:

CVE-2019-20388

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

CVE-2020-7595

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-24977

GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read vulnerability in xmlEncodeEntitiesInternal


Discovery 2020-01-21
Entry 2020-09-22
libxml2 < 2.9.10_1

https://nvd.nist.gov/vuln/detail/CVE-2019-20388
https://nvd.nist.gov/vuln/detail/CVE-2020-7595
https://nvd.nist.gov/vuln/detail/CVE-2020-24977
0bd7f07b-dc22-11ed-bf28-589cfc0f81b0    libxml2 -- multiple vulnerabilities

The libxml2 project reports:

Hashing of empty dict strings isn't deterministic

Fix null deref in xmlSchemaFixupComplexType


Discovery 2023-04-11
Entry 2023-04-16
libxml2 < 2.10.4

CVE-2023-28484
CVE-2023-29469
https://bugzilla.redhat.com/show_bug.cgi?id=2185984
https://bugzilla.redhat.com/show_bug.cgi?id=2185994