FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
be5421ab-1b56-11e4-a767-5453ed2e2b49	krfb -- Possible Denial of Service or code execution via integer overflow Albert Aastals Cid reports: krfb embeds libvncserver which embeds liblzo2, it contains various flaws that result in integer overflow problems. This potentially allows a malicious application to create a possible denial of service or code execution. Due to the need to exploit precise details of the target architecture and threading it is unlikely that remote code execution can be achieved in practice. Discovery 2014-08-03 Entry 2014-08-03 krfb < 4.12.5_1 CVE-2014-4607 http://lists.kde.org/?l=kde-announce&m=140709940701878&w=2
fb25333d-442f-11e4-98f3-5453ed2e2b49	krfb -- Multiple security issues in bundled libvncserver Martin Sandsmark reports: krfb 4.14 [and earlier] embeds libvncserver which has had several security issues. Several remotely exploitable security issues have been uncovered in libvncserver, some of which might allow a remote authenticated user code execution or application crashes. Discovery 2014-09-23 Entry 2014-09-25 krfb < 4.12.5_4 CVE-2014-6055 http://lists.kde.org/?l=kde-announce&m=141153917319769&w=2

VuXML ID

Description

be5421ab-1b56-11e4-a767-5453ed2e2b49

krfb -- Possible Denial of Service or code execution via integer overflow

Albert Aastals Cid reports:

krfb embeds libvncserver which embeds liblzo2, it contains various flaws that result in integer overflow problems.

This potentially allows a malicious application to create a possible denial of service or code execution. Due to the need to exploit precise details of the target architecture and threading it is unlikely that remote code execution can be achieved in practice.

Discovery 2014-08-03
Entry 2014-08-03
krfb

< 4.12.5_1

CVE-2014-4607
http://lists.kde.org/?l=kde-announce&m=140709940701878&w=2

fb25333d-442f-11e4-98f3-5453ed2e2b49

krfb -- Multiple security issues in bundled libvncserver

Martin Sandsmark reports:

krfb 4.14 [and earlier] embeds libvncserver which has had several security issues.

Several remotely exploitable security issues have been uncovered in libvncserver, some of which might allow a remote authenticated user code execution or application crashes.

Discovery 2014-09-23
Entry 2014-09-25
krfb

< 4.12.5_4

CVE-2014-6055
http://lists.kde.org/?l=kde-announce&m=141153917319769&w=2