FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  375358
Date:      2014-12-23
Time:      21:24:55Z
Committer: rea

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
06404241-b306-11d9-a788-0001020eed82kdelibs -- kimgio input validation errors

A KDE Security Advisory reports:

kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.

Impact: Remotely supplied, specially crafted image files can be used to execute arbitrary code.


Discovery 2005-04-21
Entry 2005-04-22
kdelibs
ge 3.2 lt 3.4.0_2

CVE-2005-1046
http://bugs.kde.org/102328
http://www.kde.org/info/security/advisory-20050421-1.txt
14ad2a28-66d2-11dc-b25f-02e0185f8d72konquerer -- address bar spoofing

The KDE development team reports:

The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the url. In addition the address bar could be tricked to show an URL which it is intending to visit for a short amount of time instead of the current URL.


Discovery 2007-09-14
Entry 2007-09-19
kdebase
lt 3.5.7_3

kdelibs
lt 3.5.7_2

CVE-2007-3820
CVE-2007-4224
CVE-2007-4225
http://www.kde.org/info/security/advisory-20070914-1.txt
d8fbf13a-6215-11db-a59e-0211d85f11fbkdelibs -- integer overflow in khtml

Red Hat reports:

An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in the Konqueror browser would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the victim.


Discovery 2006-10-14
Entry 2006-10-22
kdelibs
kdelibs-nocups
lt 3.5.4_4

qt
qt-copy
lt 3.3.6_3

CVE-2006-4811
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742
http://rhn.redhat.com/errata/RHSA-2006-0720.html
06404241-b306-11d9-a788-0001020eed82kdelibs -- kimgio input validation errors

A KDE Security Advisory reports:

kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.

Impact: Remotely supplied, specially crafted image files can be used to execute arbitrary code.


Discovery 2005-04-21
Entry 2005-04-22
kdelibs
ge 3.2 lt 3.4.0_2

CVE-2005-1046
http://bugs.kde.org/102328
http://www.kde.org/info/security/advisory-20050421-1.txt
14ad2a28-66d2-11dc-b25f-02e0185f8d72konquerer -- address bar spoofing

The KDE development team reports:

The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the url. In addition the address bar could be tricked to show an URL which it is intending to visit for a short amount of time instead of the current URL.


Discovery 2007-09-14
Entry 2007-09-19
kdebase
lt 3.5.7_3

kdelibs
lt 3.5.7_2

CVE-2007-3820
CVE-2007-4224
CVE-2007-4225
http://www.kde.org/info/security/advisory-20070914-1.txt
d8fbf13a-6215-11db-a59e-0211d85f11fbkdelibs -- integer overflow in khtml

Red Hat reports:

An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in the Konqueror browser would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the victim.


Discovery 2006-10-14
Entry 2006-10-22
kdelibs
kdelibs-nocups
lt 3.5.4_4

qt
qt-copy
lt 3.3.6_3

CVE-2006-4811
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742
http://rhn.redhat.com/errata/RHSA-2006-0720.html