FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-09-15 18:04:00 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
a8674c14-83d7-11db-88d5-0012f06707f0  ruby -- cgi.rb library Denial of Service

The official ruby site reports:

Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).

A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.


Discovery 2006-12-04
Entry 2006-12-04
Modified 2010-05-12
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
>= 1.8.*,1 < 1.8.5_5,1

ruby_static
>= 1.8.*,1

CVE-2006-6303
http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
53802164-3f7e-11dd-90ea-0019666436c2  ruby -- multiple integer and buffer overflow vulnerabilities

The official ruby site reports:

Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.


Discovery 2008-06-19
Entry 2008-06-21
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
>= 1.8.*,1 < 1.8.6.111_3,1

ruby_static
>= 1.8.*,1

CVE-2008-2726
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
7fe7df75-6568-11e6-a590-14dae9d210b8  End of Life Ports

These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible.


Discovery 2016-08-18
Entry 2016-08-18
Modified 2016-10-18
python32
python31
python30
python26
python25
python24
python23
python22
python21
python20
python15
>= 0

php54
php53
php52
php5
php4
>= 0

perl5
< 5.18

perl5.16
perl5.14
perl5.12
perl
>= 0

ruby
ruby_static
< 2.1,1

unifi2
unifi3
>= 0

apache21
apache20
apache13
>= 0

tomcat55
tomcat41
>= 0

mysql51-client
mysql51-server
mysql50-client
mysql50-server
mysql41-client
mysql41-server
mysql40-client
mysql40-server
>= 0

postgresql90-client
postgresql90-server
postgresql84-client
postgresql84-server
postgresql83-client
postgresql83-server
postgresql82-client
postgresql82-server
postgresql81-client
postgresql81-server
postgresql80-client
postgresql80-server
postgresql74-client
postgresql74-server
postgresql73-client
postgresql73-server
postgresql72-client
postgresql72-server
postgresql71-client
postgresql71-server
postgresql7-client
postgresql7-server
>= 0

ports/211975
ab8dbe98-6be4-11db-ae91-0012f06707f0  ruby -- cgi.rb library Denial of Service

Official ruby site reports:

A vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and has an invalid boundary specifier that begins with "-" instead of "--". Once triggered it will exhaust all available memory resources effectively creating a DoS condition.


Discovery 2006-10-25
Entry 2006-11-04
Modified 2006-12-15
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
>= 1.8.*,1 < 1.8.5_4,1

ruby_static
>= 1.8.*,1

20777
CVE-2006-5467
http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html