FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
27616957-b084-11ea-937b-b42e99a1b9c3	dbus file descriptor leak GitHub Security Lab reports: D-Bus has a file descriptor leak, which can lead to denial of service when the dbus-daemon runs out of file descriptors. An unprivileged local attacker can use this to attack the system dbus-daemon, leading to denial of service for all users of the machine. Discovery 2020-04-09 Entry 2020-07-03 dbus < 1.12.18 https://gitlab.freedesktop.org/dbus/dbus/-/issues/294 https://www.openwall.com/lists/oss-security/2020/06/04/3 CVE-2020-12049
c1930f45-6982-11e4-80e1-bcaec565249c	dbus -- incomplete fix for CVE-2014-3636 part A Simon McVittie reports: The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as "CVE-2014-3636 part A", which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher value. CVE-2014-7824 has been allocated for this vulnerability. Discovery 2014-11-10 Entry 2014-11-11 dbus < 1.8.10 CVE-2014-7824 http://lists.freedesktop.org/archives/dbus/2014-November/016395.html

VuXML ID

Description

27616957-b084-11ea-937b-b42e99a1b9c3

dbus file descriptor leak

GitHub Security Lab reports:

D-Bus has a file descriptor leak, which can lead to denial of service when the dbus-daemon runs out of file descriptors. An unprivileged local attacker can use this to attack the system dbus-daemon, leading to denial of service for all users of the machine.

Discovery 2020-04-09
Entry 2020-07-03
dbus

< 1.12.18

https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
https://www.openwall.com/lists/oss-security/2020/06/04/3
CVE-2020-12049

c1930f45-6982-11e4-80e1-bcaec565249c

dbus -- incomplete fix for CVE-2014-3636 part A

Simon McVittie reports:

The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as "CVE-2014-3636 part A", which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher value. CVE-2014-7824 has been allocated for this vulnerability.

Discovery 2014-11-10
Entry 2014-11-11
dbus

< 1.8.10

CVE-2014-7824
http://lists.freedesktop.org/archives/dbus/2014-November/016395.html