FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 05:42:14 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
9d9e9439-959e-11ed-b464-b42e991fc52e	security/keycloak -- Multiple possible DoS attacks CIRCL reports: CVE-2022-41966: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. CVE-2022-40151: If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. Discovery 2022-09-07 Entry 2023-01-16 keycloak < 20.0.3 CVE-2022-40151 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151 CVE-2022-41966 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41966
fd538d14-5778-4764-b321-2ddd61a8a58f	keycloak -- Missing server identity checks when sending mails via SMTPS Red Hat reports: A vulnerability was found in Apache Sling Commons Messaging Mail(angus-mail), which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email communication. Discovery 2024-10-01 Entry 2024-10-31 keycloak < 26.0.4 CVE-2021-44549 https://www.cve.org/CVERecord?id=CVE-2021-44549

VuXML ID

Description

9d9e9439-959e-11ed-b464-b42e991fc52e

security/keycloak -- Multiple possible DoS attacks

CIRCL reports:

CVE-2022-41966: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream.

CVE-2022-40151: If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

Discovery 2022-09-07
Entry 2023-01-16
keycloak

< 20.0.3

CVE-2022-40151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151
CVE-2022-41966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41966

fd538d14-5778-4764-b321-2ddd61a8a58f

keycloak -- Missing server identity checks when sending mails via SMTPS

Red Hat reports:

A vulnerability was found in Apache Sling Commons Messaging Mail(angus-mail), which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email communication.

Discovery 2024-10-01
Entry 2024-10-31
keycloak

< 26.0.4

CVE-2021-44549
https://www.cve.org/CVERecord?id=CVE-2021-44549