FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
53caf29b-9180-11ed-acbe-b42e991fc52e  cassandra3 -- multiple vulnerabilities

Cassandra team reports:

This release contains 6 security fixes including

  • CVE-2022-24823: When Netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory.
  • CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header.
  • CVE-2019-2684: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE
  • CVE-2022-25857: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections.
  • CVE-2022-42003: In FasterXML jackson-databind, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
  • CVE-2022-42004: In FasterXML jackson-databind, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.

Discovery 2023-01-11
Entry 2023-01-11
cassandra3 < 3.11.14

CVE-2022-24823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24823
CVE-2020-7238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238
CVE-2019-2684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684
CVE-2022-25857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857
CVE-2022-42003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
CVE-2022-42004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
60624f63-9180-11ed-acbe-b42e991fc52e  cassandra3 -- arbitrary code execution

Marcus Eriksson reports:

When running Apache Cassandra with the following configuration:

    enable_user_defined_functions: true
    enable_scripted_user_defined_functions: true
    enable_user_defined_functions_threads: false

it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this.


Discovery 2022-02-11
Entry 2023-01-11
cassandra3 < 3.11.13

CVE-2021-44521
https://www.cvedetails.com/cve/CVE-2021-44521
b3fd12ea-917a-11ed-acbe-b42e991fc52e  cassandra3 -- jBCrypt integer overflow

mindrot project reports:

There is an integer overflow that occurs with very large log_rounds values, first reported by Marcus Rathsfeld.


Discovery 2015-01-30
Entry 2023-01-11
cassandra3 < 3.11.12

CVE-2015-0886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0886