Fix Prevention

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: hsftp format string vulnerabilities Upstream summary: Ulf Härnhammar discovered a format string bug in hsftp's file listing code may allow a malicious server to cause arbitrary code execution by the […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: TiMidity++ — Multiple vulnerabilities Related CVEs: CVE-2017-11546 CVE-2017-11547 CVE-2017-11549 Upstream summary: qflb.wu of DBAPPSecurity reports: Ihe insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 can cause a denial of service(divide-by-zero error […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: kramdown — template option vulnerability Related CVEs: CVE-2020-14001 Upstream summary: kramdown news: CVE-2020-14001 is addressed to avoid problems when using the {::options /} extension together with the 'template' option. Table […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: ChiTeX/ChiLaTeX unsafe set-user-id root Upstream summary: Niels Heinen reports that ChiTeX installs set-user-id root executables that invoked system(3) without setting up the environment, trivially allowing local root compromise. Table of […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: TiMidity++ — Multiple vulnerabilities Related CVEs: CVE-2017-11546 CVE-2017-11547 CVE-2017-11549 Upstream summary: qflb.wu of DBAPPSecurity reports: Ihe insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 can cause a denial of service(divide-by-zero error […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: typo3 — XSS vulnerability in svg-sanitize Related CVEs: CVE-2020-11063 CVE-2020-11064 CVE-2020-11065 CVE-2020-11066 CVE-2020-11067 CVE-2020-11069 CVE-2020-15098 CVE-2020-15099  +1 more Upstream summary: The TYPO3 project reports: The SVG sanitizer library enshrined/svg-sanitize before […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: php5 — multiple vulnerabilities Related CVEs: CVE-2015-4643 CVE-2015-4644 Upstream summary: The PHP project reports: DOM and GD: Fixed bug #69719 (Incorrect handling of paths with NULs). FTP: Improved fix for […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: libntlm — buffer overflow vulnerability Related CVEs: CVE-2019-17455 Upstream summary: NVD reports: Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: mosquitto — NULL pointer dereference Upstream summary: Roger Light reports: If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: py-cryptography — tag forgery vulnerability Related CVEs: CVE-2016-9243 CVE-2018-10903 Upstream summary: The Python Cryptographic Authority (PyCA) project reports: finalize_with_tag() allowed tag truncation by default which can allow tag forgery in […]