This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
7bbc3016-de63-11e5-8fa8-14dae9d210b8 | tomcat -- multiple vulnerabilities Mark Thomas reports:
Discovery 2016-02-22 Entry 2016-02-28 tomcat7 < 7.0.68 tomcat8 < 8.0.30 http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF96.7070701@apache.org%3e http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF7B.1010901@apache.org%3e http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEFB2.9030605@apache.org%3e CVE-2015-5346 CVE-2015-5351 CVE-2016-0763 |
6a72eff7-ccd6-11ea-9172-4c72b94353b5 | Apache Tomcat -- Multiple Vulnerabilities The Apache Software Foundation reports: An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. Discovery 2020-07-05 Entry 2020-07-23 Modified 2020-07-23 tomcat7 < 7.0.105 tomcat85 < 8.5.57 tomcat9 < 9.0.37 tomcat-devel < 10.0.0.M7 https://tomcat.apache.org/security-7.html https://tomcat.apache.org/security-8.html https://tomcat.apache.org/security-9.html https://tomcat.apache.org/security-10.html CVE-2020-11996 CVE-2020-13934 CVE-2020-13935 |
8b571fb2-f311-11eb-b12b-fc4dd43e2b6a | tomcat -- JNDI Realm Authentication Weakness in multiple versions ilja.farber reports:
Discovery 2021-04-08 Entry 2021-08-01 tomcat7 ge 7.0.0 le 7.0.108 tomcat85 ge 8.5.0 le 8.5.65 tomcat9 ge 9.0.0 le 9.0.45 tomcat10 ge 10.0.0 le 10.0.5 CVE-2021-30640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640 |
676ca486-9c1e-11ea-8b5e-b42e99a1b9c3 | Apache Tomcat Remote Code Execution via session persistence The Apache Software Foundation reports: Under certain circumstances an attacker will be able to trigger remote code execution via deserialization of the file under their control Discovery 2020-05-12 Entry 2020-05-22 tomcat7 < 7.0.104 tomcat85 < 8.5.55 tomcat9 < 9.0.35 tomcat-devel < 10.0.0.M5 http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-8.html http://tomcat.apache.org/security-9.html http://tomcat.apache.org/security-10.html CVE-2020-9484 |
f599dfc4-3ec2-11e2-8ae1-001a8056d0b5 | tomcat -- bypass of security constraints The Apache Software Foundation reports:
Discovery 2012-12-04 Entry 2012-12-04 Modified 2017-03-18 tomcat ge 6.0.0 le 6.0.35 tomcat7 ge 7.0.0 le 7.0.29 CVE-2012-3546 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html |
134acaa2-51ef-11e2-8e34-0022156e8794 | tomcat -- denial of service The Apache Software Foundation reports:
Discovery 2012-12-04 Entry 2012-12-04 Modified 2017-03-18 tomcat ge 6.0.0 le 6.0.35 tomcat7 ge 7.0.0 le 7.0.27 CVE-2012-4534 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html |
e5ec2767-d529-11e6-ae1b-002590263bf5 | tomcat -- information disclosure vulnerability The Apache Software Foundation reports:
Discovery 2017-01-05 Entry 2017-01-07 Modified 2017-03-18 tomcat < 6.0.49 tomcat7 < 7.0.74 tomcat8 < 8.0.40 CVE-2016-8745 ports/215865 http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74 http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40 |
953911fe-51ef-11e2-8e34-0022156e8794 | tomcat -- bypass of CSRF prevention filter The Apache Software Foundation reports:
Discovery 2012-12-04 Entry 2012-12-04 Modified 2017-03-18 tomcat ge 6.0.0 le 6.0.35 tomcat7 ge 7.0.0 le 7.0.31 CVE-2012-4431 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html |
0b9af110-d529-11e6-ae1b-002590263bf5 | tomcat -- multiple vulnerabilities The Apache Software Foundation reports:
Discovery 2016-11-22 Entry 2017-01-07 Modified 2017-03-18 tomcat < 6.0.48 tomcat7 < 7.0.73 tomcat8 < 8.0.39 CVE-2016-8735 CVE-2016-6816 ports/214599 http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73 http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39 |
81fc1076-1286-11e4-bebd-000c2980a9f3 | tomcat -- multiple vulnerabilities Tomcat Security Team reports:
Discovery 2014-05-23 Entry 2014-07-23 Modified 2017-03-18 tomcat < 6.0.40 tomcat7 < 7.0.53 tomcat8 < 8.0.4 CVE-2014-0096 CVE-2014-0099 CVE-2014-0075 https://tomcat.apache.org/security-6.html https://tomcat.apache.org/security-7.html https://tomcat.apache.org/security-8.html |
3ae106e2-d521-11e6-ae1b-002590263bf5 | tomcat -- multiple vulnerabilities The Apache Software Foundation reports:
Discovery 2016-10-27 Entry 2017-01-07 Modified 2017-03-18 tomcat < 6.0.47 tomcat7 < 7.0.72 tomcat8 < 8.0.37 CVE-2016-6797 CVE-2016-6796 CVE-2016-6794 CVE-2016-5018 CVE-2016-0762 http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72 http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37 |
25e0593d-13c0-11e5-9afb-3c970e169bc2 | tomcat -- multiple vulnerabilities Apache Software Foundation reports:
Discovery 2015-05-12 Entry 2015-06-16 Modified 2017-03-18 tomcat < 6.0.44 tomcat7 < 7.0.55 tomcat8 < 8.0.9 hadoop2 le 2.6.0 oozie le 4.1.0 CVE-2014-0230 CVE-2014-7810 https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44 |
1f1124fe-de5c-11e5-8fa8-14dae9d210b8 | tomcat -- multiple vulnerabilities Mark Thomas reports:
Discovery 2016-02-22 Entry 2016-02-28 Modified 2017-03-18 tomcat < 6.0.45 tomcat7 < 7.0.68 tomcat8 < 8.0.30 http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF96.7070701@apache.org%3e http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF6A.70703@apache.org%3e http://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3c56CAEF4F.5090003@apache.org%3e CVE-2015-5345 CVE-2015-5346 CVE-2016-0706 CVE-2016-0714 |
cbceeb49-3bc7-11e6-8e82-002590263bf5 | Apache Commons FileUpload -- denial of service (DoS) vulnerability Mark Thomas reports:
Discovery 2016-06-20 Entry 2016-06-26 Modified 2017-08-10 tomcat7 < 7.0.70 tomcat8 < 8.0.36 apache-struts < 2.5.2 CVE-2016-3092 ports/209669 http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-8.html http://mail-archives.apache.org/mod_mbox/tomcat-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832%40apache.org%3E http://jvn.jp/en/jp/JVN89379547/index.html |