This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
2e129846-8fbb-11d8-8b29-0020ed76ef5a | MySQL insecure temporary file creation (mysqlbug) Shaun Colley reports that the script `mysqlbug` included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes `mysqlbug` and quits without making any changes, an arbitrary file may be overwritten with the bug report template. Discovery 2004-03-25 Entry 2004-04-16 Modified 2004-05-21 mysql-client ge 4.0 lt 4.0.20 ge 4.1 lt 4.1.1_2 ge 5.0 lt 5.0.0_2 http://marc.theaimsgroup.com/?l=bugtraq&m=108023246916294&w=2 http://bugs.mysql.com/bug.php?id=3284 9976 CVE-2004-0381 |
4775c807-8f30-11dd-821f-001cc0377035 | mysql -- command line client input validation vulnerability Thomas Henlich reports:
Discovery 2007-04-17 Entry 2008-10-01 Modified 2008-10-10 mysql-client gt 5.1 lt 5.1.28_1 gt 5.0 lt 5.0.67_1 31486 http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability/ |
77420ebb-0cf4-11d9-8a8a-000c41e2cdad | mysql -- heap buffer overflow with prepared statements There is a buffer overflow in the prepared statements API (libmysqlclient) when a statement containing thousands of placeholders is executed. Discovery 2004-09-08 Entry 2004-09-23 mysql-server mysql-client ge 4.1.0 le 4.1.4 http://bugs.mysql.com/bug.php?id=5194 http://dev.mysql.com/doc/mysql/en/News-4.1.5.html http://mysql.bkbits.net:8080/mysql-4.1/cset@1.1932.152.4 |
835256b8-46ed-11d9-8ce0-00065be4b5b6 | mysql -- mysql_real_connect buffer overflow vulnerability The mysql_real_connect function does not properly handle DNS replies: it copies the IP address into a buffer without any length checking. A specially crafted DNS reply may therefore be used to cause a buffer overflow on affected systems. Note that whether this issue is exploitable depends on the system library responsible for the gethostbyname function. The bug finder, Lukasz Wojtow, explains this with the following words:
Discovery 2004-06-04 Entry 2004-12-16 Modified 2005-03-15 mysql-server le 3.23.58_3 ge 4.* lt 4.0.21 mysql-client le 3.23.58_3 ge 4.* lt 4.0.21 CVE-2004-0836 10981 http://bugs.mysql.com/bug.php?id=4017 http://lists.mysql.com/internals/14726 http://rhn.redhat.com/errata/RHSA-2004-611.html http://www.osvdb.org/displayvuln.php?osvdb_id=10658 |