FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
27616957-b084-11ea-937b-b42e99a1b9c3dbus file descriptor leak

GitHub Security Lab reports:

D-Bus has a file descriptor leak, which can lead to denial of service when the dbus-daemon runs out of file descriptors. An unprivileged local attacker can use this to attack the system dbus-daemon, leading to denial of service for all users of the machine.


Discovery 2020-04-09
Entry 2020-07-03
dbus
< 1.12.18

https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
https://www.openwall.com/lists/oss-security/2020/06/04/3
CVE-2020-12049
c1930f45-6982-11e4-80e1-bcaec565249cdbus -- incomplete fix for CVE-2014-3636 part A

Simon McVittie reports:

The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as "CVE-2014-3636 part A", which is repeated below. Preventing that attack requires raising the system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher value. CVE-2014-7824 has been allocated for this vulnerability.


Discovery 2014-11-10
Entry 2014-11-11
dbus
< 1.8.10

CVE-2014-7824
http://lists.freedesktop.org/archives/dbus/2014-November/016395.html