Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.


Entered Topic
2024-05-09 PostgreSQL server -- Potentially allowing authenicated database users to see data that they shouldn't.
2024-02-08 postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
2023-11-09 postgresql-server -- Buffer overrun from integer overflow in array modification
postgresql-server -- Memory disclosure in aggregate function calls
postgresql-server -- Role pg_cancel_backend can signal certain superuser processes
2023-08-10 postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection
postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies
2023-05-11 postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes
postgresql-server -- Row security policies disregard user ID changes after inlining
2014-02-20 PostgreSQL -- multiple privilege issues
2013-04-04 PostgreSQL -- anonymous remote access data corruption vulnerability
2012-08-17 databases/postgresql*-server -- multiple vulnerabilities
2012-05-30 databases/postgresql*-server -- crypt vulnerabilities
2010-03-25 postgresql -- bitsubstr overflow
2009-12-17 postgresql -- multiple vulnerabilities
2008-04-24 postgresql -- multiple vulnerabilities
2006-08-13 postgresql -- encoding based SQL injection
postgresql -- multiple vulnerabilities
2006-02-18 postgresql81-server -- SET ROLE privilege escalation
2005-02-17 postgresql -- multiple buffer overflows in PL/PgSQL parser
2005-02-08 postgresql -- privilege escalation vulnerability