Security Hardening

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: postorius — XSS Related CVEs: CVE-2026-44742 Upstream summary: NIST reports: Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: evince and atril — command injection vulnerability in CBT handler Related CVEs: CVE-2017-1000083 Upstream summary: GNOME reports: The comic book backend in evince 3.24.0 (and earlier) is vulnerable to a […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: wheel — CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Related CVEs: CVE-2026-24049 Upstream summary: https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx reports: wheel is a command line tool for manipulating Python […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: libsamplerate — multiple vulnerabilities Related CVEs: CVE-2017-7697 Upstream summary: NVD reports: In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: glibc — getaddrinfo stack-based buffer overflow Related CVEs: CVE-2014-6271 CVE-2014-7169 CVE-2015-0235 CVE-2015-7547 Upstream summary: Fabio Olive Leite reports: A stack-based buffer overflow was found in libresolv when invoked from nss_dns, […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: asterisk and pjsip — multiple vulnerabilities Upstream summary: The Asterisk project reports: AST-2018-002 – By crafting an SDP message with an invalid media format description Asterisk crashes when using the […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Roundcube — Multiple vulnerabilities Related CVEs: CVE-2008-5619 CVE-2009-0413 CVE-2011-2937 CVE-2012-3508 CVE-2013-1904 CVE-2015-5381 CVE-2015-5383 CVE-2016-5103  +8 more Upstream summary: The Roundcube project reports: Cross-Site-Scripting vulnerability via SVG’s animate tag Information Disclosure […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: Apache httpd — denial of service in HTTP/2 Related CVEs: CVE-2016-8740 Upstream summary: mod_http2 reports: The Apache HTTPD web server (from 2.4.17-2.4.23) did not apply limitations on request headers correctly […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 13 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: mod_dav — lock related denial-of-service Related CVEs: CVE-2004-0809 Upstream summary: A malicious user with DAV write privileges can trigger a null pointer dereference in the Apache mod_dav module. This could […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 15 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: The GIMP — Use after Free vulnerability Related CVEs: CVE-2016-4994 Upstream summary: The GIMP team reports: A Use-after-free vulnerability was found in the xcf_load_image function. Table of contents Symptom & […]