This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-09 22:37:04 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
676ca486-9c1e-11ea-8b5e-b42e99a1b9c3 | Apache Tomcat Remote Code Execution via session persistence The Apache Software Foundation reports: Under certain circumstances an attacker will be able to trigger remote code execution via deserialization of the file under their control Discovery 2020-05-12 Entry 2020-05-22 tomcat7 < 7.0.104 tomcat85 < 8.5.55 tomcat9 < 9.0.35 tomcat-devel < 10.0.0.M5 http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-8.html http://tomcat.apache.org/security-9.html http://tomcat.apache.org/security-10.html CVE-2020-9484 |
556fdf03-6785-11ed-953b-002b67dfc673 | Tomcat -- Request Smuggling Apache Tomcat reports:
Discovery 2022-10-31 Entry 2022-11-18 tomcat ge 8.5.0 lt 8.5.83 ge 9.0.0-M1 lt 9.0.68 ge 10.0.0-M1 lt 10.0.27 ge 10.1.0-M1 lt 10.1.1 tomcat85 ge 8.5.0 lt 8.5.83 tomcat9 ge 9.0.0-M1 lt 9.0.68 tomcat10 ge 10.0.0-M1 lt 10.0.27 tomcat101 ge 10.1.0-M1 lt 10.1.1 tomcat-devel ge 10.1.0-M1 lt 10.1.1 CVE-2022-42252 https://nvd.nist.gov/vuln/detail/CVE-2022-42252 |
d34bef0b-f312-11eb-b12b-fc4dd43e2b6a | tomcat -- HTTP request smuggling in multiple versions Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab reports:
Discovery 2021-05-07 Entry 2021-08-01 tomcat85 ge 8.5.0 le 8.5.66 tomcat9 ge 9.0.0 le 9.0.46 tomcat10 ge 10.0.0 le 10.0.6 CVE-2021-33037 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037 |
8b571fb2-f311-11eb-b12b-fc4dd43e2b6a | tomcat -- JNDI Realm Authentication Weakness in multiple versions ilja.farber reports:
Discovery 2021-04-08 Entry 2021-08-01 tomcat7 ge 7.0.0 le 7.0.108 tomcat85 ge 8.5.0 le 8.5.65 tomcat9 ge 9.0.0 le 9.0.45 tomcat10 ge 10.0.0 le 10.0.5 CVE-2021-30640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640 |
6a72eff7-ccd6-11ea-9172-4c72b94353b5 | Apache Tomcat -- Multiple Vulnerabilities The Apache Software Foundation reports: An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. Discovery 2020-07-05 Entry 2020-07-23 Modified 2020-07-23 tomcat7 < 7.0.105 tomcat85 < 8.5.57 tomcat9 < 9.0.37 tomcat-devel < 10.0.0.M7 https://tomcat.apache.org/security-7.html https://tomcat.apache.org/security-8.html https://tomcat.apache.org/security-9.html https://tomcat.apache.org/security-10.html CVE-2020-11996 CVE-2020-13934 CVE-2020-13935 |