This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-22 14:49:56 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
b0911985-6e2a-11d9-9557-000a95bc6fae | web browsers -- window injection vulnerabilities A Secunia Research advisory reports:
A workaround for Mozilla-based browsers is available. Discovery 2004-12-08 Entry 2005-01-24 Modified 2005-02-26 firefox < 1.0.1,1 mozilla < 1.7.6,2 linux-mozilla linux-mozilla-devel < 1.7.6 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird de-netscape7 fr-netscape7 ja-netscape7 netscape7 pt_BR-netscape7 mozilla-gtk1 ge 0 de-linux-netscape fr-linux-netscape ja-linux-netscape linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix ge 0 kdebase kdelibs < 3.3.2 opera opera-devel linux-opera < 7.54.20050131 http://secunia.com/secunia_research/2004-13/advisory/ http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ CVE-2004-1156 http://secunia.com/advisories/13129/ https://bugzilla.mozilla.org/show_bug.cgi?id=273699 https://bugzilla.mozilla.org/show_bug.cgi?id=103638 http://mozillanews.org/?article_date=2004-12-08+06-48-46 CVE-2004-1157 http://secunia.com/advisories/13253/ CVE-2004-1158 http://secunia.com/advisories/13254/ http://www.kde.org/info/security/advisory-20041213-1.txt CVE-2004-1160 http://secunia.com/advisories/13402/ |
603fe36d-ec9d-11d8-b913-000c41e2cdad | kdelibs insecure temporary file handling According to a KDE Security Advisory, KDE may sometimes create temporary files without properly checking the ownership and type of the target path. This could allow a local attacker to cause KDE applications to overwrite arbitrary files. Discovery 2004-08-11 Entry 2004-08-12 kdelibs le 3.2.3_3 CVE-2004-0689 CVE-2004-0690 http://www.kde.org/info/security/advisory-20040811-1.txt http://www.kde.org/info/security/advisory-20040811-2.txt ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kstandarddirs.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcopserver.patch |
2f90556f-18c6-11e4-9cc4-5453ed2e2b49 | kdelibs -- KAuth PID Reuse Flaw Martin Sandsmark reports:
Discovery 2014-07-30 Entry 2014-07-31 kdelibs < 4.12.5_3 CVE-2014-5033 http://lists.kde.org/?l=kde-announce&m=140674898412923&w=2 |
29dd0065-81fa-11d9-a9e7-0001020eed82 | kdelibs -- insecure temporary file creation Davide Madrisan reports:
Note: dcopidlng is only used at build time, so only users installing KDE are vulnerable, not users already running KDE. Discovery 2005-01-21 Entry 2005-02-18 Modified 2005-02-20 kdelibs ja-kdelibs < 3.3.2_5 CVE-2005-0365 http://bugs.kde.org/show_bug.cgi?id=97608 http://marc.theaimsgroup.com/?l=bugtraq&m=110814653804757 |
f714d8ab-028e-11e7-8042-50e549ebab6c | kio: Information Leak when accessing https when using a malicious PAC file Albert Astals Cid reports:
Discovery 2017-02-28 Entry 2017-03-11 kdelibs < 4.14.29_10 kf5-kio < 5.31.0_1 https://www.kde.org/info/security/advisory-20170228-1.txt |
df333ede-a8ce-11d8-9c6d-0020ed76ef5a | URI handler vulnerabilities in several browsers Karol Wiesek and Greg MacManus reported via iDEFENSE that the Opera web browser contains a flaw in the handling of certain URIs. When presented with these URIs, Opera would invoke external commands to process them after some validation. However, if the hostname component of a URI begins with a `-', it may be treated as an option by an external command. This could have undesirable side-effects, from denial-of-service to code execution. The impact is very dependent on local configuration. After the iDEFENSE advisory was published, the KDE team discovered similar problems in KDE's URI handlers. Discovery 2004-05-12 Entry 2004-05-18 linux-opera opera < 7.50 kdelibs < 3.2.2_3 CVE-2004-0411 http://www.idefense.com/application/poi/display?id=104&type=vulnerabilities http://www.kde.org/info/security/advisory-20040517-1.txt http://freebsd.kde.org/index.php#n20040517 |
832e9d75-5bfc-11d9-a9e7-0001020eed82 | kdelibs3 -- konqueror FTP command injection vulnerability Albert Puigsech Galicia reports that Konqueror (more specifically kio_ftp) and Microsoft Internet Explorer are vulnerable to an FTP command injection vulnerability which can be exploited by tricking a user into clicking a specially crafted FTP URI. It is also reported by Ian Gulliver and Emanuele Balla that this vulnerability can be used to trick a client into sending out emails without user interaction. Discovery 2004-12-01 Entry 2005-01-01 Modified 2005-01-04 ja-kdelibs kdelibs < 3.3.2_2 11827 CVE-2004-1165 http://marc.theaimsgroup.com/?l=bugtraq&m=110245752232681 http://marc.theaimsgroup.com/?l=full-disclosure&m=110387390226693 http://marc.theaimsgroup.com/?l=full-disclosure&m=110390734925183 http://www.kde.org/info/security/advisory-20050101-1.txt |
641859e8-eca1-11d8-b913-000c41e2cdad | Multiple browser frame injection vulnerability A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports:
A KDE Security Advisory reports:
Secunia has provided a demonstration of the vulnerability at http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/. Discovery 2004-08-11 Entry 2004-08-12 Modified 2004-09-14 kdelibs < 3.2.3_3 kdebase < 3.2.3_1 linux-opera opera ge 7.50 lt 7.52 firefox < 0.9 linux-mozilla linux-mozilla-devel mozilla-gtk1 < 1.7 mozilla < 1.7,2 netscape7 < 7.2 CVE-2004-0717 CVE-2004-0718 CVE-2004-0721 http://secunia.com/advisories/11978/ http://bugzilla.mozilla.org/show_bug.cgi?id=246448 ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch |
14ad2a28-66d2-11dc-b25f-02e0185f8d72 | konqueror -- address bar spoofing The KDE development team reports:
Discovery 2007-09-14 Entry 2007-09-19 kdebase < 3.5.7_3 kdelibs < 3.5.7_2 CVE-2007-3820 CVE-2007-4224 CVE-2007-4225 http://www.kde.org/info/security/advisory-20070914-1.txt |
972697a7-9a42-11d9-a256-0001020eed82 | kdelibs -- local DCOP denial of service vulnerability A KDE Security Advisory reports:
Discovery 2005-03-16 Entry 2005-03-21 ja-kdelibs kdelibs-nocups kdelibs < 3.4.0 CVE-2005-0396 http://www.kde.org/info/security/advisory-20050316-1.txt |
4472ab39-6c66-11e6-9ca5-50e549ebab6c | kdelibs -- directory traversal vulnerability David Faure reports:
Discovery 2016-07-24 Entry 2016-08-27 kdelibs < 4.14.10_7 CVE-2016-6232 https://www.kde.org/info/security/advisory-20160724-1.txt |
2797b27a-f55b-11d8-81b0-000347a4fa7d | kdelibs -- konqueror cross-domain cookie injection According to a KDE Security Advisory:
Discovery 2004-08-23 Entry 2004-08-26 kdelibs < 3.2.3_3 CVE-2004-0746 http://www.kde.org/info/security/advisory-20040823-1.txt http://www.osvdb.org/9117 http://secunia.com/advisories/12341 http://www.acros.si/papers/session_fixation.pdf 10991 |
0baee383-356c-11e7-b9a9-50e549ebab6c | kauth: Local privilege escalation Albert Astals Cid reports:
Discovery 2017-05-10 Entry 2017-05-10 kdelibs < 4.14.30_4 kf5-kauth < 5.33.0_1 CVE-2017-8422 http://www.openwall.com/lists/oss-security/2017/05/10/3 https://www.kde.org/info/security/advisory-20170510-1.txt |
d8fbf13a-6215-11db-a59e-0211d85f11fb | kdelibs -- integer overflow in khtml Red Hat reports:
Discovery 2006-10-14 Entry 2006-10-22 kdelibs kdelibs-nocups < 3.5.4_4 qt qt-copy < 3.3.6_3 CVE-2006-4811 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742 http://rhn.redhat.com/errata/RHSA-2006-0720.html |