Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.


Entered Topic
2022-05-15 go -- syscall.Faccessat checks wrong group on Linux
2022-05-02 go -- multiple vulnerabilities
2022-03-19 go -- multiple vulnerabilities
2022-02-18 go -- multiple vulnerabilities
2021-12-09 go -- multiple vulnerabilities
2021-11-05 go -- multiple vulnerabilities
2021-10-09 go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data
2021-09-10 go -- archive/zip: overflow in preallocation check can cause OOM panic
2021-08-05 go -- net/http: panic due to racy read of persistConn after handler panic
2021-07-12 go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters
2021-06-03 go -- multiple vulnerabilities
2021-05-06 go -- net/http: ReadRequest can stack overflow due to recursion with very large headers
2021-03-10 go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open
2021-01-19 go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve
2020-11-12 go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo
2020-09-01 go -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
2020-08-06 go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
2019-09-26 go -- invalid headers are normalized, allowing request smuggling
2016-04-14 go -- remote denial of service
2016-01-18 go -- information disclosure vulnerability
2015-08-25 go -- multiple vulnerabilities