Security Hardening

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: tcpslice — heap-based use-after-free in extract_slice() Related CVEs: CVE-2021-41043 Upstream summary: The Tcpdump Group reports: heap-based use-after-free in extract_slice() Table of contents Symptom & Impact Environment & Reproduction Root Cause […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: The Update Framwork — path traversal vulnerability Related CVEs: CVE-2021-41131 Upstream summary: NVD reports: python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Wagtail — XSS vulnerability Related CVEs: CVE-2020-11001 CVE-2020-11037 CVE-2020-15118 Upstream summary: GitHub Advisory Database: When a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: multiple buffer overflows in xboing Related CVEs: CVE-2004-0149 Upstream summary: Steve Kemp reports (in a Debian bug submission): Due to improper bounds checking it is possible for a malicious user […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: py-tflite — buffer overflow vulnerability Related CVEs: CVE-2021-37689 CVE-2022-41894 Upstream summary: Thibaut Goetghebuer-Planchon reports: The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments the data_ptr when adding the […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: spotipy — CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Related CVEs: CVE-2023-23608 CVE-2025-27154 CVE-2025-66040 Upstream summary: https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm reports: Spotipy is a Python library for the Spotify […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: openoffice — DOC document heap overflow vulnerability Related CVEs: CVE-2004-0752 CVE-2005-0941 Upstream summary: AD-LAB reports that a heap-based buffer overflow vulnerability exists in OpenOffice's handling of DOC documents. When reading […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: ghostscript — insecure temporary file creation vulnerability Related CVEs: CVE-2004-0967 Upstream summary: Ghostscript is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: py-setuptools — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Related CVEs: CVE-2022-40897 CVE-2025-47273 Upstream summary: https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf reports: setuptools is a package that allows users to download, […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: py-foolscap — local file inclusion Upstream summary: Brian Warner reports: The "flappserver" feature was found to have a vulnerability in the service-lookup code which, when combined with an attacker who […]