This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
5fe7e27a-64cb-11d9-9e1e-c296ac722cb3 | squid -- denial of service with forged WCCP messages The squid patches page notes:
Discovery 2005-01-07 Entry 2005-01-12 Modified 2005-01-22 squid < 2.5.7_6 CVE-2005-0095 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_denial_of_service http://www.squid-cache.org/bugs/show_bug.cgi?id=1190 http://www.squid-cache.org/Advisories/SQUID-2005_2.txt |
7e97b288-c7ca-11d9-9e1e-c296ac722cb3 | squid -- DNS lookup spoofing vulnerability The squid patches page notes:
Discovery 2005-05-11 Entry 2005-05-19 squid < 2.5.10 CVE-2005-1519 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_reply http://secunia.com/advisories/15294 |
660ebbf5-daeb-11e5-b2bd-002590263bf5 | squid -- remote DoS in HTTP response processing Squid security advisory 2016:2 reports:
Discovery 2016-02-24 Entry 2016-02-24 Modified 2016-02-28 squid < 3.5.15 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 ports/207454 http://www.squid-cache.org/Advisories/SQUID-2016_2.txt http://www.openwall.com/lists/oss-security/2016/02/24/12 |
8dbf7894-a9a8-11d9-a788-0001020eed82 | squid -- DoS on failed PUT/POST requests vulnerability The squid patches page notes:
Discovery 2005-02-03 Entry 2005-04-10 squid le 2.5.7_12 CVE-2005-0718 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post http://www.squid-cache.org/bugs/show_bug.cgi?id=1224 |
d3324c55-3f11-11e4-ad16-001999f8d30b | squid -- Buffer overflow in SNMP processing The squid-cache project reports:
Discovery 2014-09-15 Entry 2014-09-18 squid < 3.4.8 squid32 gt 0 squid33 < 3.3.13_2 http://www.squid-cache.org/Advisories/SQUID-2014_3.txt CVE-2014-6270 |
23fb5a04-722b-11d9-9e1e-c296ac722cb3 | squid -- buffer overflow in WCCP recvfrom() call According to the Squid Proxy Cache Security Update Advisory SQUID-2005:3,
Note that while the default configuration of the FreeBSD squid port enables WCCP support in general, the default configuration supplied does not actually configure squid to send and receive WCCP messages. Discovery 2005-01-28 Entry 2005-01-28 Modified 2005-02-13 squid < 2.5.7_10 CVE-2005-0211 886006 http://www.squid-cache.org/Advisories/SQUID-2005_3.txt http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow http://www.squid-cache.org/bugs/show_bug.cgi?id=1217 |
44e7764c-2614-11da-9e1e-c296ac722cb3 | squid -- possible denial of service condition regarding NTLM authentication The squid patches page notes:
Discovery 2005-09-12 Entry 2005-09-15 Modified 2005-10-02 squid < 2.5.10_6 14977 CVE-2005-2917 http://www.squid-cache.org/bugs/show_bug.cgi?id=1391 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert http://secunia.com/advisories/16992/ |
705e003a-7f36-11d8-9645-0020ed76ef5a | squid ACL bypass due to URL decoding bug From the Squid advisory:
Discovery 2004-02-29 Entry 2004-03-26 Modified 2015-05-01 squid < 2.5.5 http://www.squid-cache.org/Advisories/SQUID-2004_1.txt CVE-2004-0189 |
184ab9e0-64cd-11d9-9e1e-c296ac722cb3 | squid -- buffer overflow vulnerability in gopherToHTML The squid patches page notes:
Discovery 2005-01-11 Entry 2005-01-12 Modified 2005-01-22 squid < 2.5.7_6 CVE-2005-0094 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-gopher_html_parsing http://www.squid-cache.org/bugs/show_bug.cgi?id=1189 http://www.squid-cache.org/Advisories/SQUID-2005_1.txt |
4e4bd2c2-6bd5-11d9-9e1e-c296ac722cb3 | squid -- HTTP response splitting cache pollution attack According to a whitepaper published by Sanctum, Inc., it is possible to mount cache poisoning attacks against, among others, squid proxies by inserting false replies into the HTTP stream. The squid patches page notes:
Discovery 2004-03-01 Entry 2005-01-22 Modified 2005-02-07 squid < 2.5.7_8 CVE-2005-0175 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting http://www.squid-cache.org/bugs/show_bug.cgi?id=1200 https://www.watchfire.com/securearea/whitepapers.aspx?id=8 625878 |
5bf1a715-cc57-440f-b0a5-6406961c54a7 | squid -- denial-of-service vulnerabilities The Squid team reported several denial-of-service vulnerabilities related to the handling of DNS responses and NT Lan Manager messages. These may allow an attacker to crash the Squid cache. Discovery 2005-01-16 Entry 2005-06-03 squid < 2.5.9 CVE-2005-0446 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert CVE-2005-0096 CVE-2005-0097 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth |
57c1c2ee-7914-11ea-90bf-0800276545c1 | Squid -- multiple vulnerabilities The Squid developers report:
Discovery 2020-02-10 Entry 2020-04-07 squid < 4.10 http://lists.squid-cache.org/pipermail/squid-announce/2020-February/000107.html https://nvd.nist.gov/vuln/detail/CVE-2020-8449 https://nvd.nist.gov/vuln/detail/CVE-2020-8450 https://nvd.nist.gov/vuln/detail/CVE-2019-12528 https://nvd.nist.gov/vuln/detail/CVE-2020-8517 CVE-2020-8449 CVE-2020-8450 CVE-2019-12528 CVE-2020-8517 ports/244026 |
7a921e9e-68b1-11d9-9e1e-c296ac722cb3 | squid -- no sanity check of usernames in squid_ldap_auth The LDAP authentication helper did not strip leading or trailing spaces from the login name. According to the squid patches page:
Discovery 2005-01-10 Entry 2005-01-19 Modified 2005-02-08 squid < 2.5.7_7 CVE-2005-0173 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces http://www.squid-cache.org/bugs/show_bug.cgi?id=1187 924198 |
0c0dc409-1c5e-11da-92ce-0048543d60ce | squid -- Possible Denial Of Service Vulnerability in store.c The squid patches page notes:
Discovery 2005-08-02 Entry 2005-09-04 Modified 2005-10-02 squid < 2.5.10_5 14761 CVE-2005-2794 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING http://www.squid-cache.org/bugs/show_bug.cgi?id=1368 http://secunia.com/advisories/16708/ |
65e99f52-1c5f-11d9-bc4a-000c41e2cdad | squid -- SNMP module denial-of-service vulnerability The Squid-2.5 patches page notes:
This only affects squid installations where SNMP is explicitly enabled via "make config". As a workaround, SNMP can be disabled by defining "snmp_port 0" in squid.conf. Squid security advisory SQUID-2008:1 explains that Squid-3 versions up to and including Squid-3.0.STABLE6 are affected by this error, too. Discovery 2004-09-29 Entry 2004-10-12 Modified 2008-06-28 squid < 2.5.7 ge 3.0.0 lt 3.0.7 CVE-2004-0918 http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-SNMP_core_dump http://www.squid-cache.org/Advisories/SQUID-2004_3.txt http://www.squid-cache.org/Advisories/SQUID-2008_1.txt |
c37de843-488e-11e2-a5c9-0019996bc1f7 | squid -- denial of service Squid developers report:
Discovery 2012-12-17 Entry 2012-12-28 Modified 2013-05-02 squid < 2.7.9_4 ge 3.1 lt 3.1.23 ge 3.2 lt 3.2.6 ge 3.3 lt 3.3.0.3 CVE-2012-5643 CVE-2013-0189 http://www.squid-cache.org/Advisories/SQUID-2012_1.txt |
b4d94fa0-6e38-11d9-9e1e-c296ac722cb3 | squid -- possible cache-poisoning via malformed HTTP responses The squid patches page notes:
To enable these strict parsing rules, update to at least squid-2.5.7_9 and specify Discovery 2005-01-24 Entry 2005-01-24 Modified 2006-01-02 squid < 2.5.7_9 CVE-2005-0174 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing 768702 |
620685d6-0aa3-11ea-9673-4c72b94353b5 | squid -- Vulnerable to HTTP Digest Authentication Squid Team reports:
Discovery 2019-11-05 Entry 2019-11-19 squid < 4.9 http://www.squid-cache.org/Advisories/SQUID-2019_11.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679 CVE-2019-18679 |
a8fb8e3a-730d-11ee-ab61-b42e991fc52e | squid -- Multiple vulnerabilities The squid-cache project reports:
Discovery 2023-10-21 Entry 2023-10-25 squid < 6.4 https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g |
f9ada0b5-3d80-11ed-9330-080027f5fec9 | squid -- Exposure of sensitive information in cache manager Mikhail Evdokimov (aka konata) reports:
Discovery 2022-04-17 Entry 2022-09-26 squid < 5.7 CVE-2022-41317 https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq |
a30e5e44-5440-11d9-9e1e-c296ac722cb3 | squid -- confusing results on empty acl declarations Applying an empty ACL list results in unexpected behavior: anything will match an empty ACL list. For example,
Discovery 2004-12-21 Entry 2004-12-23 Modified 2005-02-08 squid < 2.5.7_5 CVE-2005-0194 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls http://www.squid-cache.org/bugs/show_bug.cgi?id=1166 |
1c3142a3-4ab2-11da-932d-00055d790c25 | squid -- FTP server response handling denial of service A Secunia Advisory reports:
Discovery 2005-10-19 Entry 2005-11-01 squid < 2.5.11_3 CVE-2005-3258 http://secunia.com/advisories/17271/ |
6f955451-ba54-11d8-b88c-000d610a3b12 | Buffer overflow in Squid NTLM authentication helper Remote exploitation of a buffer overflow vulnerability in the NTLM authentication helper routine of the Squid Web Proxy Cache could allow a remote attacker to execute arbitrary code. A remote attacker can compromise a target system if the Squid Proxy is configured to use the NTLM authentication helper. The attacker can send an overly long password to overflow the buffer and execute arbitrary code. Discovery 2004-05-20 Entry 2004-06-09 squid < 2.5.5_9 http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false CVE-2004-0541 http://www.osvdb.org/6791 http://secunia.com/advisories/11804 10500 http://www.squid-cache.org/bugs/show_bug.cgi?id=998 |
d5b6d151-1887-11e8-94f7-9c5c8e75236a | squid -- Vulnerable to Denial of Service attack Louis Dion-Marcil reports:
Discovery 2017-12-13 Entry 2018-02-23 squid < 3.5.27_3 squid-devel < 4.0.23 http://www.squid-cache.org/Advisories/SQUID-2018_1.txt http://www.squid-cache.org/Advisories/SQUID-2018_2.txt CVE-2018-1000024 CVE-2018-1000027 https://www.debian.org/security/2018/dsa-4122 ports/226138 |
4e210d72-1c5c-11da-92ce-0048543d60ce | squid -- Denial Of Service Vulnerability in sslConnectTimeout The squid patches page notes:
Discovery 2005-07-21 Entry 2005-09-04 Modified 2005-10-02 squid < 2.5.10_5 14731 CVE-2005-2796 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout http://www.squid-cache.org/bugs/show_bug.cgi?id=1355 http://secunia.com/advisories/16674/ |
6eb580d7-a29c-11dc-8919-001c2514716c | Squid -- Denial of Service Vulnerability Squid security advisory reports:
Discovery 2007-11-28 Entry 2007-12-04 Modified 2007-12-07 squid ge 2.0 lt 2.6.16_1 ge 3.* lt 3.0.r1.20071001_1 26687 CVE-2007-6239 |
e05bfc92-0763-11e6-94fa-002590263bf5 | squid -- multiple vulnerabilities Squid security advisory 2016:5 reports:
Squid security advisory 2016:6 reports:
Discovery 2016-04-20 Entry 2016-04-21 squid < 3.5.17 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 ports/208939 http://www.squid-cache.org/Advisories/SQUID-2016_5.txt http://www.squid-cache.org/Advisories/SQUID-2016_6.txt |
064225c5-1f53-11d9-836a-0090962cff2a | squid -- NTLM authentication denial-of-service vulnerability A remote attacker is able to cause a denial-of-service situation, when NTLM authentication is enabled in squid. NTLM authentication uses two functions which lack correct offset checking. Discovery 2004-08-18 Entry 2004-10-18 squid < 2.5.7 CVE-2004-0832 http://www.squid-cache.org/bugs/show_bug.cgi?id=1045 |
150d1538-23fa-11e5-a4a5-002590263bf5 | squid -- Improper Protection of Alternate Path with CONNECT requests Squid security advisory 2015:2 reports:
Discovery 2015-07-06 Entry 2015-07-06 Modified 2015-07-17 squid < 3.5.6 http://www.squid-cache.org/Advisories/SQUID-2015_2.txt CVE-2015-5400 |
bfda39de-7467-11d9-9e1e-c296ac722cb3 | squid -- correct handling of oversized HTTP reply headers The squid patches page notes:
It is believed that this bug may lead to cache pollution or allow access controls to be bypassed. Discovery 2005-01-31 Entry 2005-02-08 squid < 2.5.7_12 CVE-2005-0241 http://www.squid-cache.org/bugs/show_bug.cgi?id=1216 http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch ports/76967 823350 |
a395397c-c7c8-11d9-9e1e-c296ac722cb3 | squid -- possible abuse of cachemgr.cgi The squid patches page notes:
Discovery 1999-07-29 Entry 2005-05-19 squid < 2.5.10 CVE-1999-0710 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-cachemgr_conf http://www.squid-cache.org/bugs/show_bug.cgi?id=1094 |
f0db930b-496b-11d9-bf86-0050569f0001 | squid -- possible information disclosure The squid-2.5 patches page notes:
Discovery 2004-11-23 Entry 2004-12-09 squid < 2.5.7_4 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-dothost |
297117ba-f92d-11e5-92ce-002590263bf5 | squid -- multiple vulnerabilities Squid security advisory 2016:3 reports:
Squid security advisory 2016:4 reports:
Discovery 2016-03-28 Entry 2016-04-02 squid < 3.5.16 CVE-2016-3947 CVE-2016-3948 ports/208463 http://www.squid-cache.org/Advisories/SQUID-2016_3.txt http://www.squid-cache.org/Advisories/SQUID-2016_4.txt |