FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  567419
Date:      2021-03-05
Time:      21:18:20Z
Committer: mfechner

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
41f8af15-c8b9-11e6-ae1b-002590263bf5	squid -- multiple vulnerabilities Squid security advisory 2016:10 reports: Due to incorrect comparison of request headers Squid can deliver responses containing private data to clients it should not have reached. This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources. This problem only affects Squid configured to use the Collapsed Forwarding feature. It is of particular importance for HTTPS reverse-proxy sites with Collapsed Forwarding. Squid security advisory 2016:11 reports: Due to incorrect HTTP conditional request handling Squid can deliver responses containing private data to clients it should not have reached. This problem allows a remote attacker to discover private and sensitive information about another clients browsing session. Potentially including credentials which allow access to further sensitive resources.. Discovery 2016-12-16 Entry 2016-12-23 squid ge 3.1 lt 3.5.23 squid-devel ge 4.0 lt 4.0.17 CVE-2016-10002 CVE-2016-10003 ports/215416 ports/215418 http://www.squid-cache.org/Advisories/SQUID-2016_10.txt http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
d5b6d151-1887-11e8-94f7-9c5c8e75236a	squid -- Vulnerable to Denial of Service attack Louis Dion-Marcil reports: Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service. Due to unrelated changes Squid-3.5 has become vulnerable to some regular ESI server responses also triggering this issue. This problem is limited to the Squid custom ESI parser. Squid built to use libxml2 or libexpat XML parsers do not have this problem. Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates. This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service. Discovery 2017-12-13 Entry 2018-02-23 squid lt 3.5.27_3 squid-devel lt 4.0.23 http://www.squid-cache.org/Advisories/SQUID-2018_1.txt http://www.squid-cache.org/Advisories/SQUID-2018_2.txt CVE-2018-1000024 CVE-2018-1000027 https://www.debian.org/security/2018/dsa-4122 ports/226138
57c1c2ee-7914-11ea-90bf-0800276545c1	Squid -- multiple vulnerabilities The Squid developers reports: Improper Input Validation issues in HTTP Request processing (CVE-2020-8449, CVE-2020-8450). Information Disclosure issue in FTP Gateway (CVE-2019-12528). Buffer Overflow issue in ext_lm_group_acl helper (CVE-2020-8517). Discovery 2020-02-10 Entry 2020-04-07 squid lt 4.10 http://lists.squid-cache.org/pipermail/squid-announce/2020-February/000107.html https://nvd.nist.gov/vuln/detail/CVE-2020-8449 https://nvd.nist.gov/vuln/detail/CVE-2020-8450 https://nvd.nist.gov/vuln/detail/CVE-2019-12528 https://nvd.nist.gov/vuln/detail/CVE-2020-8517 CVE-2020-8449 CVE-2020-8450 CVE-2019-12528 CVE-2020-8517 ports/244026
620685d6-0aa3-11ea-9673-4c72b94353b5	squid -- Vulnerable to HTTP Digest Authentication Squid Team reports: Problem Description: Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication. Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks. Discovery 2019-11-05 Entry 2019-11-19 squid lt 4.9 http://www.squid-cache.org/Advisories/SQUID-2019_11.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679 CVE-2019-18679