Package Management

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Rust — Race condition enabling symlink following Related CVEs: CVE-2019-12083 CVE-2022-21658 Upstream summary: The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Dulwich — Remote code execution Related CVEs: CVE-2015-0838 Upstream summary: MITRE reports: Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: mcpp — Heap-based buffer overflow Related CVEs: CVE-2019-14274 Upstream summary: [email protected] reports: MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. Table of contents Symptom & […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: salt — multiple vulnerabilities Related CVEs: CVE-2019-17361 CVE-2020-11651 CVE-2020-11652 CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 CVE-2020-28243 CVE-2020-28972  +8 more Upstream summary: SaltStack reports multiple security vulnerabilities in Salt CVE-2021-3197: The Salt-API.s SSH client […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: ark — extraction outside of extraction directory Related CVEs: CVE-2020-16116 CVE-2020-24654 Upstream summary: Albert Astals Cid reports: Overview A maliciously crafted TAR archive containing symlink entries would install files anywhere […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: PyYAML — arbitrary code execution Related CVEs: CVE-2020-14343 CVE-2020-1747 Upstream summary: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: libutp — remote denial of service or arbitrary code execution Related CVEs: CVE-2012-6129 Upstream summary: NVD reports: Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: xloadimage — buffer overflows in NIFF image title handling Related CVEs: CVE-2001-0775 CVE-2005-0638 CVE-2005-3178 Upstream summary: Ariel Berkman reports: Unlike most of the supported image formats in xloadimage, the NIFF […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Jupyter notebook — open redirect vulnerability Related CVEs: CVE-2018-8768 CVE-2019-10255 Upstream summary: Jupyter blog: Login pages tend to take a parameter for redirecting back to a page after successful login, […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: amavisd-new — multipart boundary confusion Related CVEs: CVE-2024-28054 Upstream summary: The Amavis project reports: Emails which consist of multiple parts (`Content-Type: multipart/*`) incorporate boundary information stating at which point one […]