This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-28 07:09:48 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
1e8e63c0-478a-11dd-a88d-000ea69a5213 | fetchmail -- potential crash in -v -v verbose mode (revised patch) Matthias Andree reports:
Discovery 2008-06-24 Entry 2008-07-01 fetchmail < 6.3.8_7 CVE-2008-2711 http://www.fetchmail.info/fetchmail-SA-2008-01.txt |
cbfd1874-efea-11eb-8fe9-036bd763ff35 | fetchmail -- 6.4.19 and older denial of service or information disclosure Matthias Andree reports:
Discovery 2021-07-07 Entry 2021-07-28 Modified 2021-08-03 fetchmail < 6.3.9 ge 6.3.17 lt 6.4.20 CVE-2021-36386 CVE-2008-2711 https://sourceforge.net/p/fetchmail/mailman/message/37327392/ |
168190df-3e9a-11dd-87bc-000ea69a5213 | fetchmail -- potential crash in -v -v verbose mode Matthias Andree reports:
Discovery 2008-06-13 Entry 2008-06-20 fetchmail < 6.3.8_6 CVE-2008-2711 http://www.fetchmail.info/fetchmail-SA-2008-01.txt |
83f9e943-e664-11e1-a66d-080027ef73ec | fetchmail -- two vulnerabilities in NTLM authentication Matthias Andree reports:
Discovery 2012-08-12 Entry 2012-08-14 Modified 2012-08-27 fetchmail ge 5.0.8 lt 6.3.21_1 CVE-2012-3482 |
5179d85c-8683-11de-91b9-0022157515b2 | fetchmail -- improper SSL certificate subject verification Matthias Andree reports:
Discovery 2009-08-06 Entry 2009-08-11 Modified 2009-08-13 fetchmail < 6.3.11 CVE-2009-2666 http://www.fetchmail.info/fetchmail-SA-2009-01.txt |
09910d76-4c82-11df-83fb-0015587e2cc1 | fetchmail -- denial of service vulnerability Fetchmail developer Matthias Andree reported a vulnerability that allows remote attackers to crash the application when it is runs in verbose mode.
Discovery 2010-04-18 Entry 2010-04-20 fetchmail ge 4.6.3 le 6.3.16 CVE-2010-1167 ports/145857 http://gitorious.org/fetchmail/fetchmail/commit/ec06293 http://seclists.org/oss-sec/2010/q2/76 |
f7eb0b23-7099-11da-a15c-0060084a00e5 | fetchmail -- null pointer dereference in multidrop mode with headerless email The fetchmail team reports:
Discovery 2005-12-19 Entry 2005-12-19 fetchmail < 6.3.1 CVE-2005-4348 http://www.fetchmail.info/fetchmail-SA-2005-03.txt http://article.gmane.org/gmane.mail.fetchmail.user/7573 http://bugs.debian.org/343836 |
baf74e0b-497a-11da-a4f4-0060084a00e5 | fetchmail -- fetchmailconf local password exposure The fetchmail team reports:
Discovery 2005-10-21 Entry 2005-10-30 fetchmail < 6.2.5.2_1 CVE-2005-3088 http://www.fetchmail.info/fetchmail-SA-2005-02.txt |
3497d7be-2fef-45f4-8162-9063751b573a | fetchmail -- remote root/code injection from malicious POP3 server fetchmail's POP3/UIDL code does not truncate received UIDs properly. A malicious or compromised POP3 server can thus corrupt fetchmail's stack and inject code when fetchmail is using UIDL, either through configuration, or as a result of certain server capabilities. Note that fetchmail is run as root on some sites, so an attack might compromise the root account and thus the whole machine. Discovery 2005-07-20 Entry 2005-07-20 Modified 2005-07-21 fetchmail < 6.2.5.1 CVE-2005-2335 ports/83805 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212762 http://www.fetchmail.info/fetchmail-SA-2005-01.txt |
45500f74-5947-11dc-87c1-000e2e5785ad | fetchmail -- denial of service on reject of local warning message Matthias Andree reports:
Discovery 2007-07-29 Entry 2007-09-02 fetchmail ge 4.6.8 lt 6.3.8_4 CVE-2007-4565 http://www.fetchmail.info/fetchmail-SA-2007-02.txt |
af0296be-2455-11d8-82e5-0020ed76ef5a | fetchmail -- address parsing vulnerability Fetchmail can be crashed by a malicious email message. Discovery 2003-10-25 Entry 2003-10-25 Modified 2012-09-04 fetchmail le 6.2.0 http://security.e-matters.de/advisories/052002.html |
5238ac45-9d8c-11db-858b-0060084a00e5 | fetchmail -- TLS enforcement problem/MITM attack/password exposure Matthias Andree reports:
Discovery 2007-01-04 Entry 2007-01-06 fetchmail < 6.3.6 CVE-2006-5867 http://www.fetchmail.info/fetchmail-SA-2006-02.txt |
1d6410e8-06c1-11ec-a35d-03ca114d16d6 | fetchmail -- STARTTLS bypass vulnerabilities Problem:
Discovery 2021-08-10 Entry 2021-08-26 fetchmail < 6.4.22.r1 CVE-2021-39272 https://www.fetchmail.info/fetchmail-SA-2021-02.txt |
f7d838f2-9039-11e0-a051-080027ef73ec | fetchmail -- STARTTLS denial of service Matthias Andree reports:
Discovery 2011-04-28 Entry 2011-06-06 fetchmail < 6.3.20 CVE-2011-1947 http://www.fetchmail.info/fetchmail-SA-2011-01.txt https://gitorious.org/fetchmail/fetchmail/commit/7dc67b8cf06f74aa57525279940e180c99701314 |
ac4b9d18-67a9-11d8-80e3-0020ed76ef5a | fetchmail -- denial-of-service vulnerability Dave Jones discovered a denial-of-service vulnerability in fetchmail. An email message containing a very long line could cause fetchmail to segfault due to missing NUL termination in transact.c. Eric Raymond decided not to mention this issue in the release notes for fetchmail 6.2.5, but it was fixed there. Discovery 2003-10-16 Entry 2004-02-25 Modified 2012-09-04 fetchmail < 6.2.5 CVE-2003-0792 8843 http://xforce.iss.net/xforce/xfdb/13450 http://www.openbsd.org/cgi-bin/cvsweb/ports/mail/fetchmail/patches/Attic/patch-rfc822_c?rev=1.1 |
f1c4d133-e6d3-11db-99ea-0060084a00e5 | fetchmail -- insecure APOP authentication Matthias Andree reports:
Discovery 2007-04-06 Entry 2007-04-09 fetchmail < 6.3.8 CVE-2007-1558 http://www.fetchmail.info/fetchmail-SA-2007-01.txt |