Security Hardening

FreeBSD 13 — habari — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 13
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: habari — Cross-Site Scripting Vulnerability
Related CVEs: CVE-2008-4601
Upstream summary: Secunia reports: Input passed via the "habari_username" parameter when logging in is not properly sanitised before being returned to the […]

FreeBSD 15 — sogo-activesync — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 15
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: SOGo — SAML user authentication impersonation
Related CVEs: CVE-2021-33054
Upstream summary: sogo.nu reports: SOGo was not validating the signatures of any SAML assertions it received. This means any actor with […]

FreeBSD 14 — php70-phar — multiple vulnerabilities (9 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: FreeBSD 14
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: php — multiple vulnerabilities
Related CVEs: CVE-2015-8874, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768, CVE-2016-5769, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, +1 more
Upstream summary: The PHP Group reports: Please reference CVE/URL list for details Table of […]

FreeBSD 13 — elinks — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 13
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: elinks — buffer overflow vulnerability
Related CVEs: CVE-2008-7224
Upstream summary: SecurityFocus reports: ELinks is prone to an off-by-one buffer-overflow vulnerability because the application fails to accurately reference the last element […]

FreeBSD 15 — squashfs-tools — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 15
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: squashfs-tools — Integer overflow
Related CVEs: CVE-2015-4645
Upstream summary: Phillip Lougher reports: Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a […]

FreeBSD 14 — puppetdb — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: FreeBSD 14
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: puppetdb — Potential SQL injection
Related CVEs: CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2020-7943, CVE-2020-9548, CVE-2021-27021, CVE-2022-31197
Upstream summary: Puppet reports: The org.postgresql/postgresql driver has been updated to version 42.4.1 to address […]

FreeBSD 13 — php5-mbstring — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 13
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: php-mbstring — php mbstring buffer overflow vulnerability
Related CVEs: CVE-2008-5557
Upstream summary: SecurityFocus reports: PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying […]

FreeBSD 15 — py310-numpy — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 15
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: py-numpy — Missing return-value validation of the function PyArray_DescrNew
Related CVEs: CVE-2021-41495
Upstream summary: Numpy reports: At most call-sites for PyArray_DescrNew, there are no validations of its return, but an […]

FreeBSD 14 — libtremor — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: FreeBSD 14
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: mozilla — multiple vulnerabilities
Related CVEs: CVE-2008-1418, CVE-2008-1419, CVE-2008-1420, CVE-2008-1423, CVE-2008-2009, CVE-2012-0444, CVE-2018-5146, CVE-2018-5147
Upstream summary: The Mozilla Foundation reports: CVE-2018-5146: Out of bounds memory write in libvorbis An out […]

FreeBSD 13 — p5-libwww — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min
Last verified: 25 May 2026
Affected versions: FreeBSD 13
📖 ~4 min read
Source: FreeBSD VuXML
VuXML topic: p5-libwww — possibility to remote servers to create file with a .(dot) character
Related CVEs: CVE-2010-2253
Upstream summary: lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that […]
