FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-11-03 18:37:05 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
68fcee9b-5259-11ed-89c9-0800276af896	Cleartext leak in libudisks From libudisks 2.9.4 NEWS: udiskslinuxblock: Fix leaking cleartext block interface Discovery 2021-09-29 Entry 2022-10-22 libudisks < 2.9.4 https://github.com/storaged-project/udisks/blob/udisks-2.9.4/NEWS
3bf134f4-942d-11f0-95de-0800276af896	libudisks -- Udisks: out-of-bounds read in udisks daemon secalert@redhat.com reports: A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users. Discovery 2025-08-28 Entry 2025-09-26 libudisks < 2.10.2 >= 2.10.90 lt 2.10.91 CVE-2025-8067 https://nvd.nist.gov/vuln/detail/CVE-2025-8067

VuXML ID

Description

68fcee9b-5259-11ed-89c9-0800276af896

Cleartext leak in libudisks

From libudisks 2.9.4 NEWS:

udiskslinuxblock: Fix leaking cleartext block interface

Discovery 2021-09-29
Entry 2022-10-22
libudisks

< 2.9.4

https://github.com/storaged-project/udisks/blob/udisks-2.9.4/NEWS

3bf134f4-942d-11f0-95de-0800276af896

libudisks -- Udisks: out-of-bounds read in udisks daemon

secalert@redhat.com reports:

A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.

Discovery 2025-08-28
Entry 2025-09-26
libudisks

< 2.10.2

>= 2.10.90 lt 2.10.91

CVE-2025-8067
https://nvd.nist.gov/vuln/detail/CVE-2025-8067