FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  496197
Date:      2019-03-18
Time:      18:25:00Z
Committer: sunpoet

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
a04a3c13-4932-11df-83fb-0015587e2cc1    ejabberd -- queue overload denial of service vulnerability

The Red Hat security response team reports:

A remotely exploitable DoS from XMPP client to ejabberd server via too many "client2server" messages (causing the message queue on the server to get overloaded, leading to server crash) has been found.


Discovery 2010-01-29
Entry 2010-04-19
ejabberd
lt 2.1.3

38003
CVE-2010-0305
http://secunia.com/advisories/38337
http://support.process-one.net/browse/EJAB-1173
http://www.openwall.com/lists/oss-security/2010/01/29/1
http://xforce.iss.net/xforce/xfdb/56025
01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6    ejabberd -- remote denial of service vulnerability

The CVE advisory reports that:

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.


Discovery 2011-04-27
Entry 2011-06-24
ejabberd
lt 2.1.7

CVE-2011-1753
http://www.ejabberd.im/ejabberd-2.1.7