Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.


Entered Topic
2020-10-22 glpi -- Insecure Direct Object Reference on ajax/
glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php
2020-10-01 glpi -- Any CalDAV calendars is read-only for every authenticated user
2020-06-25 glpi -- leakage issue with knowledge base
glpi -- Multiple SQL Injections Stemming From isNameQuoted()
glpi -- SQL injection for all usages of "Clone" feature
glpi -- SQL Injection in Search API
glpi -- Unauthenticated File Deletion
glpi -- Unauthenticated Stored XSS
2020-05-09 glpi -- stored XSS
2020-03-30 glpi -- able to read any token through API user endpoint
glpi -- bypass of the open redirect protection
glpi -- Improve encryption algorithm
glpi -- multiple related stored XSS vulnerabilities
glpi -- Reflexive XSS in Dropdown menus
glpi -- Remote Code Execution (RCE) via the backup functionality
glpi -- SQL injection for all helpdesk instances
glpi -- weak csrf tokens
2020-01-02 glpi -- Public GLPIKEY can be used to decrypt any data
2019-08-05 glpi -- Account takeover vulnerability
2012-02-10 glpi -- remote attack via crafted POST request
2009-01-28 glpi -- SQL Injection