FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9libxml -- multiple vulnerabilities

CVE mitre reports:

CVE-2019-20388

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

CVE-2020-7595

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-24977

GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read vulnerability in xmlEncodeEntitiesInternal


Discovery 2020-01-21
Entry 2020-09-22
libxml2
< 2.9.10_1

https://nvd.nist.gov/vuln/detail/CVE-2019-20388
https://nvd.nist.gov/vuln/detail/CVE-2020-7595
https://nvd.nist.gov/vuln/detail/CVE-2020-24977
524bd03a-bb75-11eb-bf35-080027f515ealibxml2 -- Possible denial of service

Daniel Veillard reports:

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.


Discovery 2021-05-18
Entry 2021-05-23
libxml2
< 2.9.10_4

CVE-2021-3541
https://ubuntu.com/security/CVE-2021-3541
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e