Security Hardening

FreeBSD 15 — py311-kerberos — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 15

🟢 Low • ⏱ 5–15 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: FreeBSD 15
Source: FreeBSD VuXML
VuXML topic: py-kerberos — DoS and MitM vulnerabilities
Related CVEs: CVE-2015-3206
Upstream summary: macosforgebot reports: The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows […]

FreeBSD 14 — tomcat-devel — multiple vulnerabilities (6 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 14

🟡 Medium • ⏱ 10–30 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: FreeBSD 14
Source: FreeBSD VuXML
VuXML topic: Tomcat — Request Smuggling
Related CVEs: CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-9484, CVE-2022-34305, CVE-2022-42252
Upstream summary: Apache Tomcat reports: If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to […]

FreeBSD 14 — polkit — multiple vulnerabilities (6 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 14

🟡 Medium • ⏱ 10–30 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: FreeBSD 14
Source: FreeBSD VuXML
VuXML topic: polkit — Local Privilege Escalation
Related CVEs: CVE-2015-3218, CVE-2015-3255, CVE-2015-3256, CVE-2015-4625, CVE-2021-3560, CVE-2021-4034
Upstream summary: Qualys reports: We discovered a Local Privilege Escalation (from any user to root) in polkit's […]

FreeBSD 15 — py37-impacket — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 15

🟢 Low • ⏱ 5–15 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: FreeBSD 15
Source: FreeBSD VuXML
VuXML topic: py-impacket — multiple path traversal vulnerabilities
Related CVEs: CVE-2021-31800
Upstream summary: asolino reports: Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a […]

FreeBSD 13 — shutter — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 13

🟢 Low • ⏱ 5–15 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: FreeBSD 13
Source: FreeBSD VuXML
VuXML topic: shutter — arbitrary code execution
Related CVEs: CVE-2015-0854
Upstream summary: Luke Farone reports: In the "Shutter" screenshot application, I discovered that using the "Show in folder" menu option while viewing […]

FreeBSD 13 — ghostscript9-x — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 13

🟢 Low • ⏱ 5–15 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: FreeBSD 13
Source: FreeBSD VuXML
VuXML topic: ghostscript — denial of service (crash) via crafted Postscript files
Related CVEs: CVE-2015-3228
Upstream summary: MITRE reports: Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier […]

FreeBSD 15 — rundeck — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 15

🟢 Low • ⏱ 5–15 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: FreeBSD 15
Source: FreeBSD VuXML
VuXML topic: Rundeck3 — Log4J RCE vulnerability
Related CVEs: CVE-2021-44832
Upstream summary: The Rundeck project reports: This release updates both Community and Enterprise with the latest Log4J to address CVE-2021-44832 by updating […]

FreeBSD 14 — mariadb118-server — multiple vulnerabilities (6 CVEs) — patch and remediation guide — diagnosis and fix on FreeBSD 14

🟡 Medium • ⏱ 10–30 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: FreeBSD 14
Source: FreeBSD VuXML
VuXML topic: MariaDB — Multiple vulnerabilities
Related CVEs: CVE-2026-44168, CVE-2026-44169, CVE-2026-44170, CVE-2026-44171, CVE-2026-44172, CVE-2026-44173
Upstream summary: The MariaDB project reports: See linked CVEs for details. […]

FreeBSD 13 — dcraw — vulnerability — patch and remediation guide — diagnosis and fix on FreeBSD 13

🟢 Low • ⏱ 5–15 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: FreeBSD 13
Source: FreeBSD VuXML
VuXML topic: dcraw — integer overflow condition
Related CVEs: CVE-2015-3885
Upstream summary: ocert reports: The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition […]
