FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-01-24 11:07:55 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
9f9b0b37-88fa-11f0-90a2-6cc21735f730 | Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin

Internet2 reports:

The Shibboleth Service Provider includes a storage API usable for a number of different use cases such as the session cache, replay cache, and relay state management. An ODBC extension plugin is provided with some distributions of the software (notably on Windows).

A SQL injection vulnerability was identified in some of the queries issued by the plugin, and this can be creatively exploited through specially crafted inputs to exfiltrate information stored in the database used by the SP.


Discovery 2025-09-03
Entry 2025-09-03
shibboleth-sp < 3.5.1

https://shibboleth.net/community/advisories/secadv_20250903.txt
b202e4ce-3114-11e5-aa32-0026551a22dc | shibboleth-sp -- DoS vulnerability

Shibboleth consortium reports:

Shibboleth SP software crashes on well-formed but invalid XML.

The Service Provider software contains a code path with an uncaught exception that can be triggered by an unauthenticated attacker by supplying well-formed but schema-invalid XML in the form of SAML metadata or SAML protocol messages. The result is a crash and so causes a denial of service.

You must rebuild opensaml and shibboleth with xmltooling-1.5.5 or later. The easiest way to do so is to update the whole chain including shibboleth-2.5.5 and opensaml2.5.5.


Discovery 2015-07-21
Entry 2015-07-23
xmltooling < 1.5.5
opensaml2 < 2.5.5
shibboleth-sp < 2.5.5

http://shibboleth.net/community/advisories/secadv_20150721.txt
CVE-2015-2684