FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
aa646c01-ea0d-11eb-9b84-d4c9ef517024cURL -- Multiple vulnerabilities

The cURL project reports:

CURLOPT_SSLCERT mixup with Secure Transport (CVE-2021-22926)

TELNET stack contents disclosure again (CVE-2021-22925)

Bad connection reuse due to flawed path name checks (CVE-2021-92254)

Metalink download sends credentials (CVE-2021-92253)

Wrong content via metalink not discarded (CVE-2021-92252)


Discovery 2021-07-21
Entry 2021-07-21
curl
< 7.78.0

CVE-2021-22922
CVE-2021-22923
CVE-2021-22924
CVE-2021-22925
CVE-2021-22926
https://curl.se/docs/vuln-7.77.0.html
11e36890-d28c-11ec-a06f-d4c9ef517024curl -- Multiple vulnerabilities

The curl project reports:

CVE-2022-27778: curl removes wrong file on error

CVE-2022-27779: cookie for trailing dot TLD

CVE-2022-27780: percent-encoded path separator in URL host

CVE-2022-27781: CERTINFO never-ending busy-loop

CVE-2022-27782: TLS and SSH connection too eager reuse

CVE-2022-30115: HSTS bypass via trailing dot


Discovery 2022-05-11
Entry 2022-05-13
curl
< 7.83.1

CVE-2022-27778
CVE-2022-27779
CVE-2022-27780
CVE-2022-27781
CVE-2022-27782
CVE-2022-30115
https://curl.se/docs/security.html
ae5722a6-f5f0-11ec-856e-d4c9ef517024cURL -- Multiple vulnerabilities

The cURL project reports:

  • CVE-2022-32205: Set-Cookie denial of service
  • CVE-2022-32206: HTTP compression denial of service
  • CVE-2022-32207: Unpreserved file permissions
  • CVE-2022-32208: FTP-KRB bad message verification

Discovery 2022-06-27
Entry 2022-06-27
curl
ge 7.16.4 lt 7.84.0

CVE-2022-32205
CVE-2022-32206
CVE-2022-32207
CVE-2022-32208
https://curl.se/docs/security.html
92a4d881-c6cf-11ec-a06f-d4c9ef517024cURL -- Multiple vulnerabilities

The cURL project reports:

  • OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
  • Credential leak on redirect (CVE-2022-27774)
  • Bad local IPv6 connection reuse (CVE-2022-27775)
  • Auth/cookie leak on redirect (CVE-2022-27776)

Discovery 2022-04-27
Entry 2022-04-28
curl
< 7.83.0

CVE-2022-22576
CVE-2022-27774
CVE-2022-27775
CVE-2022-27776
https://curl.se/docs/vuln-7.82.0.html
c9221ec9-17a2-11ec-b335-d4c9ef517024cURL -- Multiple vulnerabilities

The cURL project reports:

  • UAF and double-free in MQTT sending (CVE-2021-22945)
  • Protocol downgrade required TLS bypassed (CVE-2021-22946)
  • STARTTLS protocol injection via MITM (CVE-2021-22945)

Discovery 2021-09-15
Entry 2021-09-17
Modified 2021-09-28
curl
ge 7.20.0 lt 7.79.0

CVE-2021-22945
CVE-2021-22946
CVE-2021-22947
https://curl.se/docs/security.html