FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  363776
Date:      2014-08-02
Time:      02:34:44Z
Committer: jhale


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
ac619d06-3ef8-11d9-8741-c942c075aa41  jdk/jre -- Security Vulnerability With Java Plugin

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code.


Discovery 2004-11-24
Entry 2004-11-25
Modified 2005-04-27
jdk
ge 1.4.0 le 1.4.2p6_6

ge 1.3.0 le 1.3.1p9_5

linux-jdk
linux-sun-jdk
ge 1.4.0 le 1.4.2.05

ge 1.3.0 le 1.3.1.13

linux-blackdown-jdk
ge 1.3.0 le 1.4.2

linux-ibm-jdk
ge 1.3.0 le 1.4.2

diablo-jdk
diablo-jre
ge 1.3.1.0 le 1.3.1.0_1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1&searchclause=%22category:security%22%20%22availability,%20security%22
http://www.securityfocus.com/archive/1/382072
CVE-2004-1029
http://marc.theaimsgroup.com/?l=bugtraq&m=110125046627909
18e5428f-ae7c-11d9-837d-000e0c2e438a  jdk -- jar directory traversal vulnerability

Pluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user's system.

The jar tool does not check properly if the files to be extracted have the string "../" in their names, so it's possible for an attacker to create a malicious jar file in order to overwrite arbitrary files within the filesystem.


Discovery 2005-04-11
Entry 2005-04-16
Modified 2006-09-12
jdk
le 1.2.2p11_3

ge 1.3.* le 1.3.1p9_4

ge 1.4.* le 1.4.2p7

ge 1.5.* le 1.5.0p1_1

linux-ibm-jdk
le 1.4.2_1

linux-sun-jdk
le 1.4.2.08_1

eq 1.5.0b1

eq 1.5.0b1,1

ge 1.5.0,2 le 1.5.0.02,2

linux-blackdown-jdk
le 1.4.2_2

diablo-jdk
le 1.3.1.0_1

diablo-jdk-freebsd6
le i386.1.5.0.07.00

linux-jdk
ge 0

CVE-2005-1080
http://marc.theaimsgroup.com/?l=bugtraq&m=111331593310508
http://www.securiteam.com/securitynews/5IP0C0AFGW.html
http://secunia.com/advisories/14902/
c93e4d41-75c5-11dc-b903-0016179b2dd5  jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented

SUN reports:

A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.


Discovery 2007-10-03
Entry 2007-10-08
Modified 2007-11-16
jdk
ge 1.3.0 lt 1.6.0.3p3

ge 1.5.0,1 lt 1.5.0.13p7,1

linux-blackdown-jdk
ge 1.3.0

linux-sun-jdk
ge 1.3.0 lt 1.3.1.20

ge 1.4.0 lt 1.4.2.16

eq 1.5.0.b1

eq 1.5.0.b1,1

ge 1.5.0,2 lt 1.5.0.13,2

ge 1.6.0 lt 1.6.0.03

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1
CVE-2007-5232