FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
18e5428f-ae7c-11d9-837d-000e0c2e438a  jdk -- jar directory traversal vulnerability

Pluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user's system.

The jar tool does not check properly if the files to be extracted have the string "../" in their names, so it's possible for an attacker to create a malicious jar file in order to overwrite arbitrary files within the filesystem.


Discovery 2005-04-11
Entry 2005-04-16
Modified 2006-09-12
jdk
  <= 1.2.2p11_3
  >= 1.3.* <= 1.3.1p9_4
  >= 1.4.* <= 1.4.2p7
  >= 1.5.* <= 1.5.0p1_1

linux-ibm-jdk
  <= 1.4.2_1

linux-sun-jdk
  <= 1.4.2.08_1
  = 1.5.0b1
  = 1.5.0b1,1
  >= 1.5.0,2 <= 1.5.0.02,2

linux-blackdown-jdk
  <= 1.4.2_2

diablo-jdk
  <= 1.3.1.0_1

diablo-jdk-freebsd6
  <= i386.1.5.0.07.00

linux-jdk
  >= 0

CVE-2005-1080
http://marc.theaimsgroup.com/?l=bugtraq&m=111331593310508
http://www.securiteam.com/securitynews/5IP0C0AFGW.html
http://secunia.com/advisories/14902/

c93e4d41-75c5-11dc-b903-0016179b2dd5  jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented

SUN reports:

A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.


Discovery 2007-10-03
Entry 2007-10-08
Modified 2007-11-16
jdk
  >= 1.3.0 < 1.6.0.3p3
  >= 1.5.0,1 < 1.5.0.13p7,1

linux-blackdown-jdk
  >= 1.3.0

linux-sun-jdk
  >= 1.3.0 < 1.3.1.20
  >= 1.4.0 < 1.4.2.16
  = 1.5.0.b1
  = 1.5.0.b1,1
  >= 1.5.0,2 < 1.5.0.13,2
  >= 1.6.0 < 1.6.0.03

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1
CVE-2007-5232