Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.


Entered Topic
2024-04-23 ruby -- Arbitrary memory address read vulnerability with Regex search
2023-03-30 rubygem-time -- ReDoS vulnerability
rubygem-uri -- ReDoS vulnerability
2022-11-24 rubygem-cgi -- HTTP response splitting vulnerability
2022-04-13 Ruby -- Buffer overrun in String-to-Float conversion
Ruby -- Double free in Regexp compilation
2021-11-24 rubygem-cgi -- buffer overrun in CGI.escape_html
rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
2021-11-15 rubygem-date -- Regular Expression Denial of Service Vulnerability of Date Parsing Methods
2021-07-14 Ruby -- multiple vulnerabilities
2021-04-05 ruby -- XML round-trip vulnerability in REXML
2019-10-02 ruby -- multiple vulnerabilities
2019-08-29 RDoc -- multiple jQuery vulnerabilities
2018-10-20 ruby -- multiple vulnerabilities
2018-03-29 ruby -- multiple vulnerabilities
2017-12-14 ruby -- Command injection vulnerability in Net::FTP
2017-09-19 ruby -- multiple vulnerabilities
2016-08-18 End of Life Ports
2015-12-23 Ruby -- unsafe tainted string vulnerability
2015-04-14 Ruby -- OpenSSL Hostname Verification Vulnerability
2013-02-24 ruby -- DoS vulnerability in REXML
2013-02-16 Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON
Ruby -- XSS exploit of RDoc documentation generated by rdoc
2012-11-10 ruby -- Hash-flooding DoS vulnerability for ruby 1.9
2012-11-01 ruby -- $SAFE escaping vulnerability about Exception#to_s/NameError#to_s
ruby -- Unintentional file creation caused by inserting an illegal NUL character
2012-01-16 Multiple implementations -- DoS via hash algorithm collision
2010-08-17 ruby -- UTF-7 encoding XSS vulnerability in WEBrick
2009-12-09 ruby -- heap overflow vulnerability
2009-06-13 ruby -- BigDecimal denial of service vulnerability
2008-08-16 ruby -- DNS spoofing vulnerability
ruby -- DoS vulnerability in WEBrick
ruby -- multiple vulnerabilities in safe level
2008-06-21 ruby -- multiple integer and buffer overflow vulnerabilities
2006-12-04 ruby -- cgi.rb library Denial of Service
2006-11-04 ruby -- cgi.rb library Denial of Service
2006-07-29 ruby -- multiple vulnerabilities
2005-10-27 ruby -- vulnerability in the safe level settings
2005-06-23 ruby -- arbitrary command execution on XMLRPC server
2004-11-13 ruby -- CGI DoS
2004-08-16 Ruby insecure file permissions in the CGI session management