FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-06-06 18:03:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a96cd659-303e-11f0-94b5-54ee755069b5	libxslt -- multiple vulnerabilities [CVE-2024-55549] Fix UAF related to excluded namespaces xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. [CVE-2025-24855] Fix use-after-free of XPath context node numbers.c in libxslt before 1.1.43 has a use-after-free because , in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. Discovery 2025-03-13 Entry 2025-05-13 libxslt < 1.1.43 CVE-2024-55549 CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2025-24855
93167bef-9752-11e9-b61c-b885849ded8e	libxslt -- security framework bypass Mitre report: libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. Discovery 2019-04-10 Entry 2019-07-16 libxslt < 1.1.33 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068

VuXML ID

Description

a96cd659-303e-11f0-94b5-54ee755069b5

libxslt -- multiple vulnerabilities

[CVE-2024-55549] Fix UAF related to excluded namespaces

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

[CVE-2025-24855] Fix use-after-free of XPath context node

numbers.c in libxslt before 1.1.43 has a use-after-free because , in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

Discovery 2025-03-13
Entry 2025-05-13
libxslt

< 1.1.43

CVE-2024-55549
CVE-2025-24855
https://nvd.nist.gov/vuln/detail/CVE-2024-55549
https://nvd.nist.gov/vuln/detail/CVE-2025-24855

93167bef-9752-11e9-b61c-b885849ded8e

libxslt -- security framework bypass

Mitre report:

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

Discovery 2019-04-10
Entry 2019-07-16
libxslt

< 1.1.33

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068