Security Hardening

FreeBSD 12 — cgit — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 12

🟡 Medium  ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: FreeBSD 12
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: cgit — directory traversal vulnerability
Related CVEs: CVE-2016-1899, CVE-2016-1900, CVE-2016-1901, CVE-2018-14912
Upstream summary: Jann Horn reports: cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not […]

FreeBSD 13 — php5-openssl — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 13

🟡 Medium  ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: FreeBSD 13
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: php5 — multiple vulnerabilities
Related CVEs: CVE-2015-6831, CVE-2015-6832, CVE-2015-6833
Upstream summary: The PHP project reports: Core: Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls). Fixed bug #70121 […]

FreeBSD 15 — irssi-devel — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 15

🟢 Low  ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 15
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: irssi — multiple vulnerabilities
Related CVEs: CVE-2010-1155, CVE-2010-1156
Upstream summary: Two vulnerabilities have been found in irssi. The first issue could allow man-in-the-middle attacks due to a missing comparison of SSL […]

FreeBSD 12 — py38-pymatgen — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 12

🟢 Low  ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 12
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: py-pymatgen — regular expression denial of service
Related CVEs: CVE-2022-42964
Upstream summary: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an […]

FreeBSD 13 — ifmail — security advisory — patch and remediation guide — diagnosis and fix on FreeBSD 13

🟢 Low  ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 13
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: ifmail — unsafe set-user-ID application
Upstream summary: Niels Heinen reports that ifmail allows one to specify a configuration file. Since ifmail runs set-user-ID `news', this may allow a local attacker […]

FreeBSD 12 — jruby — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 12

🟡 Medium  ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: FreeBSD 12
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: Multiple implementations — DoS via hash algorithm collision
Related CVEs: CVE-2011-4815, CVE-2011-4838, CVE-2011-5036, CVE-2011-5037
Upstream summary: oCERT reports: A variety of programming languages suffer from a denial-of-service (DoS) condition against […]

FreeBSD 12 — ruby+nopthreads+oniguruma — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 12

🟡 Medium  ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: FreeBSD 12
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: Multiple implementations — DoS via hash algorithm collision
Related CVEs: CVE-2011-4815, CVE-2011-4838, CVE-2011-5036, CVE-2011-5037
Upstream summary: oCERT reports: A variety of programming languages suffer from a denial-of-service (DoS) condition against […]

FreeBSD 14 — KeePassX — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 14

🟢 Low  ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 14
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: KeePassX — information disclosure
Related CVEs: CVE-2015-8378
Upstream summary: Yves-Alexis Perez reports: Starting an export (using File / Export to / KeepassX XML file) and cancelling it leads to KeepassX […]

FreeBSD 14 — libsxlt — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 14

🟢 Low  ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 14
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: libxslt — DoS vulnerability due to type confusing error
Related CVEs: CVE-2015-7995
Upstream summary: libxslt maintainer reports: CVE-2015-7995: http://www.openwall.com/lists/oss-security/2015/10/27/10 We need to check that the parent node is an element […]

FreeBSD 12 — py39-suds — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 12

🟢 Low  ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 12
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: py-suds — vulnerable to symlink attacks
Related CVEs: CVE-2013-2217
Upstream summary: SUSE reports: cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries […]
