Security Hardening

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: py-pdfminer.six — Arbitrary Code Execution in pdfminer.six via Crafted PDF Input Related CVEs: CVE-2025-64512 Upstream summary: Pieter Marsman reports: pdfminer.six will execute arbitrary code from a malicious pickle file if […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: php — multiple vulnerabilities Related CVEs: CVE-2016-3074 Upstream summary: The PHP Group reports: BCMath: Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). Exif: Fixed bug #72094 (Out […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: py-social-auth-app-django — Unsafe account association Related CVEs: CVE-2025-61783 Upstream summary: Michal Čihař reports: Upon authentication, the user could be associated by e-mail even if the associate_by_email pipeline was not included. […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: OpenDMARC – Remote denial of service Related CVEs: CVE-2019-16378 CVE-2019-20790 CVE-2020-12272 CVE-2020-12460 CVE-2021-34555 Upstream summary: OpenDMARC 1.4.1 and 1.4.1.1 will dereference a NULL pointer when encountering a multi-value From: header […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: isc-dhcpd — Denial of Service Related CVEs: CVE-2015-8605 Upstream summary: ISC reports: A badly formed packet with an invalid IPv4 UDP length field can cause a DHCP server, client, or […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: rubygem-rails — multiple vulnerabilities Related CVEs: CVE-2015-1840 CVE-2015-3224 CVE-2015-3225 CVE-2015-3226 CVE-2015-3227 Upstream summary: Ruby on Rails blog: Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: fcgi — Heap-based buffer overflow via crafted nameLen/valueLen in ReadParams Related CVEs: CVE-2025-23016 Upstream summary: [email protected] reports: FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: logstash — password disclosure vulnerability Related CVEs: CVE-2014-3120 CVE-2014-4326 CVE-2015-4152 CVE-2015-5378 Upstream summary: Logstash developers report: Passwords Printed in Log Files under Some Conditions It was discovered that, in Logstash […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: postorius — XSS Related CVEs: CVE-2026-44742 Upstream summary: NIST reports: Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Zabbix — Remote code execution Related CVEs: CVE-2017-2824 Upstream summary: mitre reports: An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted […]