FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
53caf29b-9180-11ed-acbe-b42e991fc52e | cassandra3 -- multiple vulnerabilities
Cassandra team reports:
This release contains 6 security fixes including:
- CVE-2022-24823: When Netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory.
- CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header.
- CVE-2019-2684: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE
- CVE-2022-25857: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections.
- CVE-2022-42003: In FasterXML jackson-databind, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
- CVE-2022-42004: In FasterXML jackson-databind, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.
Discovery: 2023-01-11; Entry: 2023-01-11; cassandra3 < 3.11.14
CVE-2022-24823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24823
CVE-2020-7238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238
CVE-2019-2684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684
CVE-2022-25857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857
CVE-2022-42003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
CVE-2022-42004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
|
b3fd12ea-917a-11ed-acbe-b42e991fc52e | cassandra3 -- jBCrypt integer overflow
mindrot project reports:
There is an integer overflow that
occurs with very large log_rounds values, first reported by
Marcus Rathsfeld.
Discovery: 2015-01-30; Entry: 2023-01-11; cassandra3 < 3.11.12
CVE-2015-0886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0886
|
60624f63-9180-11ed-acbe-b42e991fc52e | cassandra3 -- arbitrary code execution
Marcus Eriksson reports:
When running Apache Cassandra with
the following configuration:
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true
enable_user_defined_functions_threads: false
it is possible for an attacker to execute arbitrary code on
the host. The attacker would need to have enough permissions
to create user defined functions in the cluster to be able
to exploit this.
Discovery: 2022-02-11; Entry: 2023-01-11; cassandra3 < 3.11.13
CVE-2021-44521
https://www.cvedetails.com/cve/CVE-2021-44521
|