Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.


Entered Topic
2021-12-30 Mbed TLS -- Potential double-free after an out of memory error
2020-09-06 Mbed TLS -- Local side channel attack on classical CBC decryption in (D)TLS
Mbed TLS -- Local side channel attack on RSA and static Diffie-Hellman
2020-07-07 Mbed TLS -- Side-channel attack on ECC key import and validation
2020-04-15 Mbed TLS -- Side channel attack on ECDSA
2020-02-24 Mbed TLS -- Cache attack against RSA key import in SGX
Mbed TLS -- Side channel attack on ECDSA
2019-09-19 Mbed TLS -- Side channel attack on deterministic ECDSA
2018-12-14 Mbed TLS -- Local timing attack on RSA decryption
2018-08-10 mbed TLS -- plaintext recovery vulnerabilities
2018-04-23 mbed TLS (PolarSSL) -- multiple vulnerabilities
2018-03-10 mbed TLS (PolarSSL) -- remote code execution
2017-03-12 mbed TLS (PolarSSL) -- multiple vulnerabilities
2016-01-07 mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication
2015-10-15 mbedTLS/PolarSSL -- DoS and possible remote code execution
2015-10-06 mbedTLS/PolarSSL -- multiple vulnerabilities