This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-15 02:04:10 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
6a72eff7-ccd6-11ea-9172-4c72b94353b5 | Apache Tomcat -- Multiple Vulnerabilities The Apache Software Foundation reports: An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. Discovery 2020-07-05 Entry 2020-07-23 Modified 2020-07-23 tomcat7 < 7.0.105 tomcat85 < 8.5.57 tomcat9 < 9.0.37 tomcat-devel < 10.0.0.M7 https://tomcat.apache.org/security-7.html https://tomcat.apache.org/security-8.html https://tomcat.apache.org/security-9.html https://tomcat.apache.org/security-10.html CVE-2020-11996 CVE-2020-13934 CVE-2020-13935 |
d34bef0b-f312-11eb-b12b-fc4dd43e2b6a | tomcat -- HTTP request smuggling in multiple versions Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab reports:
Discovery 2021-05-07 Entry 2021-08-01 tomcat85 ge 8.5.0 le 8.5.66 tomcat9 ge 9.0.0 le 9.0.46 tomcat10 ge 10.0.0 le 10.0.6 CVE-2021-33037 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33037 |
8b571fb2-f311-11eb-b12b-fc4dd43e2b6a | tomcat -- JNDI Realm Authentication Weakness in multiple versions ilja.farber reports:
Discovery 2021-04-08 Entry 2021-08-01 tomcat7 ge 7.0.0 le 7.0.108 tomcat85 ge 8.5.0 le 8.5.65 tomcat9 ge 9.0.0 le 9.0.45 tomcat10 ge 10.0.0 le 10.0.5 CVE-2021-30640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640 |
556fdf03-6785-11ed-953b-002b67dfc673 | Tomcat -- Request Smuggling Apache Tomcat reports:
Discovery 2022-10-31 Entry 2022-11-18 tomcat ge 8.5.0 lt 8.5.83 ge 9.0.0-M1 lt 9.0.68 ge 10.0.0-M1 lt 10.0.27 ge 10.1.0-M1 lt 10.1.1 tomcat85 ge 8.5.0 lt 8.5.83 tomcat9 ge 9.0.0-M1 lt 9.0.68 tomcat10 ge 10.0.0-M1 lt 10.0.27 tomcat101 ge 10.1.0-M1 lt 10.1.1 tomcat-devel ge 10.1.0-M1 lt 10.1.1 CVE-2022-42252 https://nvd.nist.gov/vuln/detail/CVE-2022-42252 |
e2e7faf9-1b51-11ed-ae46-002b67dfc673 | Tomcat -- XSS in examples web application Apache Tomcat reports:
Discovery 2022-06-22 Entry 2022-08-14 tomcat ge 8.5.50 lt 8.5.81 ge 9.0.30 lt 9.0.64 ge 10.0.0-M1 lt 10.0.22 ge 10.1.0-M1 lt 10.1.0-M16 tomcat85 ge 8.5.50 lt 8.5.81 tomcat9 ge 9.0.30 lt 9.0.64 tomcat10 ge 10.0.0-M1 lt 10.0.22 tomcat-devel ge 10.1.0-M1 lt 10.1.0-M16 CVE-2022-34305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305 |