Documenting security issues in FreeBSD and the FreeBSD Ports Collection
Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:
Please report security issues to the FreeBSD Security Team at <ports-secteam@FreeBSD.org>. Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.
| 2021-09-10 | go -- archive/zip: overflow in preallocation check can cause OOM panic |
| 2021-08-05 | go -- net/http: panic due to racy read of persistConn after handler panic |
| 2021-07-12 | go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters |
| 2021-06-03 | go -- multiple vulnerabilities |
| 2021-05-06 | go -- net/http: ReadRequest can stack overflow due to recursion with very large headers |
| 2021-03-10 | go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open |
| 2021-01-19 | go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve |
| 2020-11-12 | go -- math/big: panic during recursive division of very large numbers; cmd/go: arbitrary code execution at build time through cgo |
| 2020-09-01 | go -- net/http/cgi, net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified |
| 2020-08-06 | go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs |
| 2019-09-26 | go -- invalid headers are normalized, allowing request smuggling |
| 2016-04-14 | go -- remote denial of service |
| 2016-01-18 | go -- information disclosure vulnerability |
| 2015-08-25 | go -- multiple vulnerabilities |
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.