Security Hardening

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: kibana4 — XSS vulnerability Related CVEs: CVE-2015-8131 Upstream summary: Elastic reports: Fixes XSS vulnerability (CVE pending) – Thanks to Vladimir Ivanov for responsibly reporting. Table of contents Symptom & Impact […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: SnappyMail — multiple mXSS in HTML sanitizer Related CVEs: CVE-2024-45800 Upstream summary: Oskar reports: SnappyMail uses the `cleanHtml()` function to cleanup HTML and CSS in emails. Research discovered that the […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: php — multiple vulnerabilities Upstream summary: The PHP Group reports: Fileinfo: Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic file). mbstring: Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: jpgraph2 — XSS vulnerability Upstream summary: Martin Barbella reports: JpGraph is an object oriented library for PHP that can be used to create various types of graphs which also contains […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: uim — privilege escalation vulnerability Related CVEs: CVE-2005-0503 Upstream summary: The uim developers reports: Masanari Yamamoto discovered that incorrect use of environment variables in uim. This bug causes privilege escalation […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 14 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: php-imap — imap_open allows to run arbitrary shell commands via mailbox parameter Upstream summary: The PHP team reports: imap_open allows to run arbitrary shell commands via mailbox parameter. Table of […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: ganglia-webfrontend — auth bypass Related CVEs: CVE-2015-6816 Upstream summary: Ivan Novikov reports: It's easy to bypass auth by using boolean serialization… Table of contents Symptom & Impact Environment & Reproduction […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: weechat — Arbitrary shell command execution via scripts Related CVEs: CVE-2012-5854 Upstream summary: Sebastien Helleu reports: Untrusted command for function hook_process could lead to execution of commands, because of shell […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: rubygem-doorkeeper — token revocation vulnerability Related CVEs: CVE-2018-1000211 Upstream summary: NVD reports: Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: FreeBSD 12 📖 ~4 min read  •  Source: FreeBSD VuXML VuXML topic: cloud-init — sensitive data exposure in cloud-init logs Related CVEs: CVE-2023-1786 Upstream summary: [email protected] reports: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could […]