This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
0baee383-356c-11e7-b9a9-50e549ebab6c | kauth: Local privilege escalation Albert Astals Cid reports:
Discovery 2017-05-10 Entry 2017-05-10 kdelibs < 4.14.30_4 kf5-kauth < 5.33.0_1 CVE-2017-8422 http://www.openwall.com/lists/oss-security/2017/05/10/3 https://www.kde.org/info/security/advisory-20170510-1.txt |
d8fbf13a-6215-11db-a59e-0211d85f11fb | kdelibs -- integer overflow in khtml Red Hat reports:
Discovery 2006-10-14 Entry 2006-10-22 kdelibs kdelibs-nocups < 3.5.4_4 qt qt-copy < 3.3.6_3 CVE-2006-4811 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742 http://rhn.redhat.com/errata/RHSA-2006-0720.html |
29dd0065-81fa-11d9-a9e7-0001020eed82 | kdelibs -- insecure temporary file creation Davide Madrisan reports:
Note: dcopidlng is only used at build time, so only users installing KDE are vulnerable, not users already running KDE. Discovery 2005-01-21 Entry 2005-02-18 Modified 2005-02-20 kdelibs ja-kdelibs < 3.3.2_5 CVE-2005-0365 http://bugs.kde.org/show_bug.cgi?id=97608 http://marc.theaimsgroup.com/?l=bugtraq&m=110814653804757 |
972697a7-9a42-11d9-a256-0001020eed82 | kdelibs -- local DCOP denial of service vulnerability A KDE Security Advisory reports:
Discovery 2005-03-16 Entry 2005-03-21 ja-kdelibs kdelibs-nocups kdelibs < 3.4.0 CVE-2005-0396 http://www.kde.org/info/security/advisory-20050316-1.txt |
832e9d75-5bfc-11d9-a9e7-0001020eed82 | kdelibs3 -- konqueror FTP command injection vulnerability Albert Puigsech Galicia reports that Konqueror (more specifically kio_ftp) and Microsoft Internet Explorer are vulnerable to an FTP command injection vulnerability which can be exploited by tricking a user into clicking a specially crafted FTP URI. It is also reported by Ian Gulliver and Emanuele Balla that this vulnerability can be used to trick a client into sending out emails without user interaction. Discovery 2004-12-01 Entry 2005-01-01 Modified 2005-01-04 ja-kdelibs kdelibs < 3.3.2_2 11827 CVE-2004-1165 http://marc.theaimsgroup.com/?l=bugtraq&m=110245752232681 http://marc.theaimsgroup.com/?l=full-disclosure&m=110387390226693 http://marc.theaimsgroup.com/?l=full-disclosure&m=110390734925183 http://www.kde.org/info/security/advisory-20050101-1.txt |
2f90556f-18c6-11e4-9cc4-5453ed2e2b49 | kdelibs -- KAuth PID Reuse Flaw Martin Sandsmark reports:
Discovery 2014-07-30 Entry 2014-07-31 kdelibs < 4.12.5_3 CVE-2014-5033 http://lists.kde.org/?l=kde-announce&m=140674898412923&w=2 |
2797b27a-f55b-11d8-81b0-000347a4fa7d | kdelibs -- konqueror cross-domain cookie injection According to a KDE Security Advisory:
Discovery 2004-08-23 Entry 2004-08-26 kdelibs < 3.2.3_3 CVE-2004-0746 http://www.kde.org/info/security/advisory-20040823-1.txt http://www.osvdb.org/9117 http://secunia.com/advisories/12341 http://www.acros.si/papers/session_fixation.pdf 10991 |
b0911985-6e2a-11d9-9557-000a95bc6fae | web browsers -- window injection vulnerabilities A Secunia Research advisory reports:
A workaround for Mozilla-based browsers is available. Discovery 2004-12-08 Entry 2005-01-24 Modified 2005-02-26 firefox < 1.0.1,1 mozilla < 1.7.6,2 linux-mozilla linux-mozilla-devel < 1.7.6 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird de-netscape7 fr-netscape7 ja-netscape7 netscape7 pt_BR-netscape7 mozilla-gtk1 ge 0 de-linux-netscape fr-linux-netscape ja-linux-netscape linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix ge 0 kdebase kdelibs < 3.3.2 opera opera-devel linux-opera < 7.54.20050131 http://secunia.com/secunia_research/2004-13/advisory/ http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ CVE-2004-1156 http://secunia.com/advisories/13129/ https://bugzilla.mozilla.org/show_bug.cgi?id=273699 https://bugzilla.mozilla.org/show_bug.cgi?id=103638 http://mozillanews.org/?article_date=2004-12-08+06-48-46 CVE-2004-1157 http://secunia.com/advisories/13253/ CVE-2004-1158 http://secunia.com/advisories/13254/ http://www.kde.org/info/security/advisory-20041213-1.txt CVE-2004-1160 http://secunia.com/advisories/13402/ |
603fe36d-ec9d-11d8-b913-000c41e2cdad | kdelibs insecure temporary file handling According to a KDE Security Advisory, KDE may sometimes create temporary files without properly checking the ownership and type of the target path. This could allow a local attacker to cause KDE applications to overwrite arbitrary files. Discovery 2004-08-11 Entry 2004-08-12 kdelibs le 3.2.3_3 CVE-2004-0689 CVE-2004-0690 http://www.kde.org/info/security/advisory-20040811-1.txt http://www.kde.org/info/security/advisory-20040811-2.txt ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kstandarddirs.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcopserver.patch |
641859e8-eca1-11d8-b913-000c41e2cdad | Multiple browser frame injection vulnerability A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports:
A KDE Security Advisory reports:
Secunia has provided a demonstration of the vulnerability at http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/. Discovery 2004-08-11 Entry 2004-08-12 Modified 2004-09-14 kdelibs < 3.2.3_3 kdebase < 3.2.3_1 linux-opera opera ge 7.50 lt 7.52 firefox < 0.9 linux-mozilla linux-mozilla-devel mozilla-gtk1 < 1.7 mozilla < 1.7,2 netscape7 < 7.2 CVE-2004-0717 CVE-2004-0718 CVE-2004-0721 http://secunia.com/advisories/11978/ http://bugzilla.mozilla.org/show_bug.cgi?id=246448 ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch |
4472ab39-6c66-11e6-9ca5-50e549ebab6c | kdelibs -- directory traversal vulnerability David Faure reports:
Discovery 2016-07-24 Entry 2016-08-27 kdelibs < 4.14.10_7 CVE-2016-6232 https://www.kde.org/info/security/advisory-20160724-1.txt |
df333ede-a8ce-11d8-9c6d-0020ed76ef5a | URI handler vulnerabilities in several browsers Karol Wiesek and Greg MacManus reported via iDEFENSE that the Opera web browser contains a flaw in the handling of certain URIs. When presented with these URIs, Opera would invoke external commands to process them after some validation. However, if the hostname component of a URI begins with a `-', it may be treated as an option by an external command. This could have undesirable side-effects, from denial-of-service to code execution. The impact is very dependent on local configuration. After the iDEFENSE advisory was published, the KDE team discovered similar problems in KDE's URI handlers. Discovery 2004-05-12 Entry 2004-05-18 linux-opera opera < 7.50 kdelibs < 3.2.2_3 CVE-2004-0411 http://www.idefense.com/application/poi/display?id=104&type=vulnerabilities http://www.kde.org/info/security/advisory-20040517-1.txt http://freebsd.kde.org/index.php#n20040517 |
14ad2a28-66d2-11dc-b25f-02e0185f8d72 | konqueror -- address bar spoofing The KDE development team reports:
Discovery 2007-09-14 Entry 2007-09-19 kdebase < 3.5.7_3 kdelibs < 3.5.7_2 CVE-2007-3820 CVE-2007-4224 CVE-2007-4225 http://www.kde.org/info/security/advisory-20070914-1.txt |
4593cb09-4c81-11d9-983e-000c6e8f12ef | konqueror -- Password Disclosure for SMB Shares When browsing SMB shares with Konqueror, shares with authentication show up with hidden password in the browser bar. It is possible to store the URL as a shortcut on the desktop where the password is then available in plain text. Discovery 2004-10-06 Entry 2004-12-12 Modified 2005-01-13 kdebase kdelibs ge 3.2.0 le 3.3.1 CVE-2004-1171 305294 http://www.kde.org/info/security/advisory-20041209-1.txt http://marc.theaimsgroup.com/?l=bugtraq&m=110178786809694 |
f714d8ab-028e-11e7-8042-50e549ebab6c | kio: Information Leak when accessing https when using a malicious PAC file Albert Astals Cid reports:
Discovery 2017-02-28 Entry 2017-03-11 kdelibs < 4.14.29_10 kf5-kio < 5.31.0_1 https://www.kde.org/info/security/advisory-20170228-1.txt |
06404241-b306-11d9-a788-0001020eed82 | kdelibs -- kimgio input validation errors A KDE Security Advisory reports:
Discovery 2005-04-21 Entry 2005-04-22 kdelibs ge 3.2 lt 3.4.0_2 CVE-2005-1046 http://bugs.kde.org/102328 http://www.kde.org/info/security/advisory-20050421-1.txt |