path: root/security/vuxml/vuln/2023.xml

  <vuln vid="dec6b8e9-c9fe-11ed-bb39-901b0e9408dc">
    <topic>dino -- Insufficient message sender validation in Dino</topic>
    <affects>
      <package>
	<name>dino</name>
	<range><lt>0.4.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dino team reports:</p>
	<blockquote cite="https://dino.im/security/cve-2023-28686/">
	  <p>Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows
	attackers to modify the personal bookmark store via a crafted
	message.  The attacker can change the display of group chats or
	force a victim to join a group chat; the victim may then be tricked
	into disclosing sensitive information.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28686</cvename>
      <url>https://dino.im/security/cve-2023-28686/</url>
    </references>
    <dates>
      <discovery>2023-03-23</discovery>
      <entry>2023-03-24</entry>
    </dates>
  </vuln>

  <vuln vid="38f213b6-8f3d-4067-91ef-bf14de7ba518">
    <topic>libXpm -- Issues handling XPM files</topic>
    <affects>
      <package>
	<name>libXpm</name>
	<range><lt>3.5.15</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.Org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2023-January/003312.html">
	  <ol>
	    <li>CVE-2022-46285: Infinite loop on unclosed comments

	    <p>When reading XPM images from a file with libXpm 3.5.14 or older, if a
	    comment in the file is not closed (i.e. a C-style comment starts with
	    "/*" and is missing the closing "*/"), the ParseComment() function will
	    loop forever calling getc() to try to read the rest of the comment,
	    failing to notice that it has returned EOF, which may cause a denial of
	    service to the calling program.</p>

	    <p>This issue was found by Marco Ivaldi of the Humanativa Group's HN Security team.</p>

	    <p>The fix is provided in
	    https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148</p></li>

	    <li>CVE-2022-44617: Runaway loop on width of 0 and enormous height

	    <p>When reading XPM images from a file with libXpm 3.5.14 or older, if a
	    image has a width of 0 and a very large height, the ParsePixels() function
	    will loop over the entire height calling getc() and ungetc() repeatedly,
	    or in some circumstances, may loop seemingly forever, which may cause a denial
	    of service to the calling program when given a small crafted XPM file to parse.</p>

	    <p>This issue was found by Martin Ettl.</p>

	    <p>The fix is provided in
	    https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28
	    and
	    https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/c5ab17bcc34914c0b0707d</p></li>

	    <li>CVE-2022-4883: compression commands depend on $PATH

	    <p>By default, on all platforms except MinGW, libXpm will detect if a filename
	    ends in .Z or .gz, and will when reading such a file fork off an uncompress
	    or gunzip command to read from via a pipe, and when writing such a file will
	    fork off a compress or gzip command to write to via a pipe.</p>

	    <p>In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH
	    to find the commands.  If libXpm is called from a program running with
	    raised privileges, such as via setuid, then a malicious user could set
	    $PATH to include programs of their choosing to be run with those privileges.</p>

	    <p>This issue was found by Alan Coopersmith of the Oracle Solaris team.</p></li>
	  </ol>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.x.org/archives/xorg-announce/2023-January/003312.html</url>
      <cvename>CVE-2022-46285</cvename>
      <cvename>CVE-2022-44617</cvename>
      <cvename>CVE-2022-4883</cvename>
    </references>
    <dates>
      <discovery>2023-01-17</discovery>
      <entry>2023-03-23</entry>
    </dates>
  </vuln>

  <vuln vid="1b15a554-c981-11ed-bb39-901b0e9408dc">
    <topic>tailscale -- security vulnerability in Tailscale SSH</topic>
    <affects>
      <package>
	<name>tailscale</name>
	<range><lt>1.38.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tailscale team reports:</p>
	<blockquote cite="https://tailscale.com/security-bulletins/#ts-2023-003">
	  <p>A vulnerability identified in the implementation of Tailscale SSH in FreeBSD
	  allowed commands to be run with a higher privilege group ID than that specified
	  by Tailscale SSH access rules.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28436</cvename>
      <url>https://tailscale.com/security-bulletins/#ts-2023-003</url>
    </references>
    <dates>
      <discovery>2023-03-22</discovery>
      <entry>2023-03-23</entry>
    </dates>
  </vuln>

  <vuln vid="c8b334e0-6e83-4575-81d1-f9d5803ceb07">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>111.0.5563.110</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>111.0.5563.110</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html">
	 <p>This update includes 8 security fixes:</p>
	 <ul>
	   <li>[1421773] High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07</li>
	   <li>[1419718] High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27</li>
	   <li>[1419831] High CVE-2023-1530: Use after free in PDF. Reported by The UK's National Cyber Security Centre (NCSC) on 2023-02-27</li>
	   <li>[1415330] High CVE-2023-1531: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2023-02-13</li>
	   <li>[1421268] High CVE-2023-1532: Out of bounds read in GPU Video. Reported by Mark Brand of Google Project Zero on 2023-03-03</li>
	   <li>[1422183] High CVE-2023-1533: Use after free in WebProtect. Reported by Weipeng Jiang (@Krace) of VRI on 2023-03-07</li>
	   <li>[1422594] High CVE-2023-1534: Out of bounds read in ANGLE. Reported by Jann Horn and Mark Brand of Google Project Zero on 2023-03-08</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-1528</cvename>
      <cvename>CVE-2023-1529</cvename>
      <cvename>CVE-2023-1530</cvename>
      <cvename>CVE-2023-1531</cvename>
      <cvename>CVE-2023-1532</cvename>
      <cvename>CVE-2023-1533</cvename>
      <cvename>CVE-2023-1534</cvename>
      <url>https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html</url>
    </references>
    <dates>
      <discovery>2023-03-21</discovery>
      <entry>2023-03-22</entry>
    </dates>
  </vuln>

  <vuln vid="a60cc0e4-c7aa-11ed-8a4b-080027f5fec9">
    <topic>redis -- specially crafted MSETNX command can lead to denial-of-service</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.0.10</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.0.10.20230320</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Yupeng Yang reports:</p>
	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c">
	  <p>
	    Authenticated users can use the MSETNX command to trigger
	    a runtime assertion and termination of the Redis server
	    process.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28425</cvename>
      <url>https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c</url>
    </references>
    <dates>
      <discovery>2023-03-20</discovery>
      <entry>2023-03-21</entry>
    </dates>
  </vuln>

  <vuln vid="0d7d104c-c6fb-11ed-8a4b-080027f5fec9">
    <topic>curl -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><lt>8.0.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Harry Sintonen reports:</p>
	<blockquote cite="https://curl.se/docs/security.html">
	  <dl>
	    <dt>CVE-2023-27533</dt>
	    <dd>
	      curl supports communicating using the TELNET protocol
	      and as a part of this it offers users to pass on user
	      name and &quot;telnet options&quot; for the server
	      negotiation.

	      Due to lack of proper input scrubbing and without it
	      being the documented functionality, curl would pass on
	      user name and telnet options to the server as
	      provided. This could allow users to pass in carefully
	      crafted content that pass on content or do option
	      negotiation without the application intending to do
	      so. In particular if an application for example allows
	      users to provide the data or parts of the data.
	    </dd>
	    <dt>CVE-2023-27534</dt>
	    <dd>
	      curl supports SFTP transfers. curl's SFTP implementation
	      offers a special feature in the path component of URLs:
	      a tilde (~) character as the first path element in the
	      path to denotes a path relative to the user's home
	      directory. This is supported because of wording in the
	      once proposed to-become RFC draft that was to dictate
	      how SFTP URLs work.

	      Due to a bug, the handling of the tilde in SFTP path did
	      however not only replace it when it is used stand-alone
	      as the first path element but also wrongly when used as
	      a mere prefix in the first element.

	      Using a path like /~2/foo when accessing a server using
	      the user dan (with home directory /home/dan) would then
	      quite surprisingly access the file /home/dan2/foo.

	      This can be taken advantage of to circumvent filtering
	      or worse.
	    </dd>
	    <dt>CVE-2023-27535</dt>
	    <dd>
	      libcurl would reuse a previously created FTP connection
	      even when one or more options had been changed that
	      could have made the effective user a very different one,
	      thus leading to the doing the second transfer with wrong
	      credentials.

	      libcurl keeps previously used connections in a
	      connection pool for subsequent transfers to reuse if one
	      of them matches the setup. However, several FTP settings
	      were left out from the configuration match checks,
	      making them match too easily. The settings in questions
	      are CURLOPT_FTP_ACCOUNT,
	      CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and
	      CURLOPT_USE_SSL level.
	    </dd>
	    <dt>CVE-2023-27536</dt>
	    <dd>
	      ibcurl would reuse a previously created connection even
	      when the GSS delegation (CURLOPT_GSSAPI_DELEGATION)
	      option had been changed that could have changed the
	      user's permissions in a second transfer.

	      libcurl keeps previously used connections in a
	      connection pool for subsequent transfers to reuse if one
	      of them matches the setup. However, this GSS delegation
	      setting was left out from the configuration match
	      checks, making them match too easily, affecting
	      krb5/kerberos/negotiate/GSSAPI transfers.
	    </dd>
	    <dt>CVE-2023-27537</dt>
	    <dd>
	      libcurl supports sharing HSTS data between separate
	      "handles". This sharing was introduced without
	      considerations for do this sharing across separate
	      threads but there was no indication of this fact in the
	      documentation.

	      Due to missing mutexes or thread locks, two threads
	      sharing the same HSTS data could end up doing a
	      double-free or use-after-free.
	    </dd>
	    <dt>CVE-2023-27538</dt>
	    <dd>
	      libcurl would reuse a previously created connection even
	      when an SSH related option had been changed that should
	      have prohibited reuse.

	      libcurl keeps previously used connections in a
	      connection pool for subsequent transfers to reuse if one
	      of them matches the setup. However, two SSH settings
	      were left out from the configuration match checks,
	      making them match too easily.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-27533</cvename>
      <cvename>CVE-2023-27534</cvename>
      <cvename>CVE-2023-27535</cvename>
      <cvename>CVE-2023-27536</cvename>
      <cvename>CVE-2023-27537</cvename>
      <cvename>CVE-2023-27538</cvename>
      <url>https://curl.se/docs/security.html</url>
    </references>
    <dates>
      <discovery>2023-03-20</discovery>
      <entry>2023-03-20</entry>
    </dates>
  </vuln>

  <vuln vid="72583cb3-a7f9-11ed-bd9e-589cfc0f81b0">
    <topic>phpMyAdmin -- XSS vulnerability in drag-and-drop upload</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<name>phpMyAdmin-php80</name>
	<name>phpMyAdmin-php81</name>
	<name>phpMyAdmin-php82</name>
	<name>phpMyAdmin5</name>
	<name>phpMyAdmin5-php80</name>
	<name>phpMyAdmin5-php81</name>
	<name>phpMyAdmin5-php82</name>
	<range><lt>4.9.11</lt></range>
	<range><ge>5.0</ge><lt>5.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpMyAdmin Team reports:</p>
	<blockquote cite="https://www.phpmyadmin.net/news/2023/2/8/phpmyadmin-4911-and-521-are-released/">
	  <p>PMASA-2023-1 XSS vulnerability in drag-and-drop upload</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.phpmyadmin.net/security/PMASA-2023-1/</url>
    </references>
    <dates>
      <discovery>2023-02-07</discovery>
      <entry>2023-03-16</entry>
    </dates>
  </vuln>

  <vuln vid="8edeb3c1-bfe7-11ed-96f5-3497f65b111b">
    <topic>Apache httpd -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.56</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache httpd project reports:</p>
	<blockquote cite="https://downloads.apache.org/httpd/CHANGES_2.4.56">
	  <ul>
	    <li>CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi
	      HTTP response splitting (cve.mitre.org).
	      HTTP Response Smuggling vulnerability in Apache HTTP Server
	      via mod_proxy_uwsgi. This issue affects Apache HTTP Server:
	      from 2.4.30 through 2.4.55.
	      Special characters in the origin response header can
	      truncate/split the response forwarded to the client.</li>
	    <li>CVE-2023-25690: HTTP request splitting with mod_rewrite
	      and mod_proxy (cve.mitre.org).
	      Some mod_proxy configurations on Apache HTTP Server versions
	      2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
	      Configurations are affected when mod_proxy is enabled along
	      with some form of RewriteRule or ProxyPassMatch in which a
	      non-specific pattern matches some portion of the user-supplied
	      request-target (URL) data and is then re-inserted into the
	      proxied request-target using variable substitution.
	    </li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-25690</cvename>
      <cvename>CVE-2023-27522</cvename>
      <url>https://downloads.apache.org/httpd/CHANGES_2.4.56</url>
    </references>
    <dates>
      <discovery>2023-03-08</discovery>
      <entry>2023-03-11</entry>
    </dates>
  </vuln>

  <vuln vid="d357f6bb-0af4-4ac9-b096-eeec183ad829">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>111.0.5563.64</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>111.0.5563.64</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html">
	 <p>This update includes 40 security fixes:</p>
	 <ul>
	   <li>[1411210] High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30</li>
	   <li>[1412487] High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03</li>
	   <li>[1417176] High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17</li>
	   <li>[1417649] High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21</li>
	   <li>[1412658] High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03</li>
	   <li>[1413628] High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07</li>
	   <li>[1415328] High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13</li>
	   <li>[1417185] High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17</li>
	   <li>[1385343] Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16</li>
	   <li>[1403515] Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24</li>
	   <li>[1398579] Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07</li>
	   <li>[1403539] Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25</li>
	   <li>[1408799] Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20</li>
	   <li>[1013080] Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10</li>
	   <li>[1348791] Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31</li>
	   <li>[1365100] Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18</li>
	   <li>[1160485] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20</li>
	   <li>[1404230] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30</li>
	   <li>[1274887] Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30</li>
	   <li>[1346924] Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24</li>
	   <li>[1045681] Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25</li>
	   <li>[1404621] Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03</li>
	   <li>[1404704] Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03</li>
	   <li>[1374518] Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-1213</cvename>
      <cvename>CVE-2023-1214</cvename>
      <cvename>CVE-2023-1215</cvename>
      <cvename>CVE-2023-1216</cvename>
      <cvename>CVE-2023-1217</cvename>
      <cvename>CVE-2023-1218</cvename>
      <cvename>CVE-2023-1219</cvename>
      <cvename>CVE-2023-1220</cvename>
      <cvename>CVE-2023-1221</cvename>
      <cvename>CVE-2023-1222</cvename>
      <cvename>CVE-2023-1223</cvename>
      <cvename>CVE-2023-1224</cvename>
      <cvename>CVE-2023-1225</cvename>
      <cvename>CVE-2023-1226</cvename>
      <cvename>CVE-2023-1227</cvename>
      <cvename>CVE-2023-1228</cvename>
      <cvename>CVE-2023-1229</cvename>
      <cvename>CVE-2023-1230</cvename>
      <cvename>CVE-2023-1231</cvename>
      <cvename>CVE-2023-1232</cvename>
      <cvename>CVE-2023-1233</cvename>
      <cvename>CVE-2023-1234</cvename>
      <cvename>CVE-2023-1235</cvename>
      <cvename>CVE-2023-1236</cvename>
      <url>https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-03-08</discovery>
      <entry>2023-03-09</entry>
    </dates>
  </vuln>

  <vuln vid="f68bb358-be8e-11ed-9215-00e081b7aa2d">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.394</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.387.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2023-03-08/">
	  <h1>Description</h1>
	  <h5>(High) SECURITY-3037 / CVE-2023-27898</h5>
	  <p>XSS vulnerability in plugin manager</p>
	  <h5>(Medium) SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest)</h5>
	  <p>DoS vulnerability in bundled Apache Commons FileUpload library</p>
	  <h5></h5>
	  <h5>(Medium) SECURITY-1807 / CVE-2023-27902</h5>
	  <p>Workspace temporary directories accessible through directory browser</p>
	  <h5>(Low) SECURITY-3058 / CVE-2023-27903</h5>
	  <p>Temporary file parameter created with insecure permissions</p>
	  <h5>(Low) SECURITY-2120 / CVE-2023-27904</h5>
	  <p>Information disclosure through error stack traces related to agents</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-27898</cvename>
      <cvename>CVE-2023-24998</cvename>
      <cvename>CVE-2023-27900</cvename>
      <cvename>CVE-2023-27901</cvename>
      <cvename>CVE-2023-27902</cvename>
      <cvename>CVE-2023-27903</cvename>
      <cvename>CVE-2023-27904</cvename>
      <url>https://www.jenkins.io/security/advisory/2023-03-08/</url>
    </references>
    <dates>
      <discovery>2023-03-08</discovery>
      <entry>2023-03-09</entry>
    </dates>
  </vuln>

  <vuln vid="742279d6-bdbe-11ed-a179-2b68e9d12706">
    <topic>go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results</topic>
    <affects>
      <package>
	<name>go119</name>
	<range><lt>1.19.7</lt></range>
      </package>
      <package>
	<name>go120</name>
	<range><lt>1.20.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/58647">
	  <p>crypto/elliptic: incorrect P-256 ScalarMult and
	    ScalarBaseMult results</p>
	  <p>The ScalarMult and ScalarBaseMult methods of the P256
	    Curve may return an incorrect result if called with some
	    specific unreduced scalars (a scalar larger than the
	    order of the curve).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-24532</cvename>
      <url>https://groups.google.com/g/golang-dev/c/3wmx8i5WvNY/m/AEOlccrGAwAJ</url>
    </references>
    <dates>
      <discovery>2023-02-22</discovery>
      <entry>2023-03-08</entry>
    </dates>
  </vuln>

  <vuln vid="bed545c6-bdb8-11ed-bca8-a33124f1beb1">
    <topic>mantis -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mantis-php74</name>
	<name>mantis-php80</name>
	<name>mantis-php81</name>
	<name>mantis-php82</name>
	<range><lt>2.25.6,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mantis 2.25.6 release reports:</p>
	<blockquote cite="https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&amp;version=2.25.6">
	  <p>Security and maintenance release</p>
	  <ul>
	    <li>0031086: Private issue summary disclosure (CVE-2023-22476)</li>
	    <li>0030772: Update (bundled) moment.js to 2.29.4 (CVE-2022-31129)</li>
	    <li>0030791: Allow adding relation type noopener/noreferrer to outgoing links</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22476</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-22476</url>
      <cvename>CVE-2022-31129</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-31129</url>
    </references>
    <dates>
      <discovery>2023-01-06</discovery>
      <entry>2023-03-08</entry>
    </dates>
  </vuln>

  <vuln vid="6678211c-bd47-11ed-beb0-1c1b0d9ea7e6">
    <topic>Apache OpenOffice -- master password vulnerabilities</topic>
    <affects>
      <package>
	<name>apache-openoffice</name>
	<range><lt>4.1.13</lt></range>
      </package>
      <package>
	<name>apache-openoffice-devel</name>
	<range><lt>4.2.1678061694,4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache Openoffice project reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-37400">
	  <p>Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice</p>
	</blockquote>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-37401">
	  <p>Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-37400</cvename>
      <cvename>CVE-2022-37401</cvename>
      <url>https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.13+Release+Notes</url>
    </references>
    <dates>
      <discovery>2022-02-25</discovery>
      <entry>2023-03-08</entry>
    </dates>
  </vuln>

  <vuln vid="f0798a6a-bbdb-11ed-ba99-080027f5fec9">
    <topic>rack -- possible DoS vulnerability in multipart MIME parsing</topic>
    <affects>
      <package>
	<name>rubygem-rack</name>
	<range><lt>3.0.4.2,3</lt></range>
      </package>
      <package>
	<name>rubygem-rack22</name>
	<range><lt>2.2.6.3,3</lt></range>
      </package>
      <package>
	<name>rubygem-rack16</name>
	<range><lt>1.6.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Aaron Patterson reports:</p>
	<blockquote cite="https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388">
	  <p>
	    The Multipart MIME parsing code in Rack limits the number
	    of file parts, but does not limit the total number of
	    parts that can be uploaded. Carefully crafted requests can
	    abuse this and cause multipart parsing to take longer than
	    expected.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-27530</cvename>
      <url>https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388</url>
    </references>
    <dates>
      <discovery>2023-03-03</discovery>
      <entry>2023-03-06</entry>
    </dates>
  </vuln>

  <vuln vid="be233fc6-bae7-11ed-a4fb-080027f5fec9">
    <topic>curl -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><lt>7.88.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Harry Sintonen and Patrick Monnerat report:</p>
	<blockquote cite="https://curl.se/docs/security.html">
	  <dl>
	    <dt>CVE-2023-23914</dt>
	    <dd>
	      A cleartext transmission of sensitive information
	      vulnerability exists in curl &lt; v7.88.0 that could
	      cause HSTS functionality fail when multiple URLs are
	      requested serially. Using its HSTS support, curl can be
	      instructed to use HTTPS instead of using an insecure
	      clear-text HTTP step even when HTTP is provided in the
	      URL. This HSTS mechanism would however surprisingly be
	      ignored by subsequent transfers when done on the same
	      command line because the state would not be properly
	      carried on.
	    </dd>
	    <dt>CVE-2023-23915</dt>
	    <dd>
	      A cleartext transmission of sensitive information
	      vulnerability exists in curl &lt; v7.88.0 that could
	      cause HSTS functionality to behave incorrectly when
	      multiple URLs are requested in parallel. Using its HSTS
	      support, curl can be instructed to use HTTPS instead of
	      using an insecure clear-text HTTP step even when HTTP is
	      provided in the URL. This HSTS mechanism would however
	      surprisingly fail when multiple transfers are done in
	      parallel as the HSTS cache file gets overwritten by the
	      most recently completed transfer. A later HTTP-only
	      transfer to the earlier host name would then *not* get
	      upgraded properly to HSTS.
	    </dd>
	    <dt>CVE-2023-23916</dt>
	    <dd>
	      An allocation of resources without limits or throttling
	      vulnerability exists in curl &lt; v7.88.0 based on the
	      &quot;chained&quot; HTTP compression algorithms, meaning
	      that a server response can be compressed multiple times
	      and potentially with different algorithms. The number of
	      acceptable &quot;links&quot; in this &quot;decompression
	      chain&quot; was capped, but the cap was implemented on a
	      per-header basis allowing a malicious server to insert a
	      virtually unlimited number of compression steps simply
	      by using many headers. The use of such a decompression
	      chain could result in a &quot;malloc bomb&quot;, making
	      curl end up spending enormous amounts of allocated heap
	      memory, or trying to and returning out of memory errors.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-23914</cvename>
      <cvename>CVE-2023-23915</cvename>
      <cvename>CVE-2023-23916</cvename>
      <url>https://curl.se/docs/security.html</url>
    </references>
    <dates>
      <discovery>2023-02-15</discovery>
      <entry>2023-03-05</entry>
    </dates>
  </vuln>

  <vuln vid="3f9b6943-ba58-11ed-bbbd-00e0670f2660">
    <topic>strongSwan -- certificate verification vulnerability</topic>
    <affects>
      <package>
	<name>strongswan</name>
	<range><ge>5.9.8</ge><lt>5.9.9_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>strongSwan reports:</p>
	<blockquote cite="https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html">
	  <p>A vulnerability related to certificate verification in TLS-based EAP methods
	     was discovered in strongSwan that results in a denial of service
	     but possibly even remote code execution. Versions 5.9.8 and 5.9.9
	     may be affected. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-26463</cvename>
      <url>https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html</url>
    </references>
    <dates>
      <discovery>2023-03-02</discovery>
      <entry>2023-03-04</entry>
    </dates>
  </vuln>

  <vuln vid="f7c5b3a9-b9fb-11ed-99c6-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.9.0</ge><lt>15.9.2</lt></range>
	<range><ge>15.8.0</ge><lt>15.8.4</lt></range>
	<range><ge>9.0.0</ge><lt>15.7.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/">
	  <p>Stored XSS via Kroki diagram</p>
	  <p>Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings</p>
	  <p>Improper validation of SSO and SCIM tokens while managing groups</p>
	  <p>Maintainer can leak Datadog API key by changing Datadog site</p>
	  <p>Clipboard based XSS in the title field of work items</p>
	  <p>Improper user right checks for personal snippets</p>
	  <p>Release Description visible in public projects despite release set as project members only</p>
	  <p>Group integration settings sensitive information exposed to project maintainers</p>
	  <p>Improve pagination limits for commits</p>
	  <p>Gitlab Open Redirect Vulnerability</p>
	  <p>Maintainer may become an Owner of a project</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0050</cvename>
      <cvename>CVE-2022-4289</cvename>
      <cvename>CVE-2022-4331</cvename>
      <cvename>CVE-2023-0483</cvename>
      <cvename>CVE-2022-4007</cvename>
      <cvename>CVE-2022-3758</cvename>
      <cvename>CVE-2023-0223</cvename>
      <cvename>CVE-2022-4462</cvename>
      <cvename>CVE-2023-1072</cvename>
      <cvename>CVE-2022-3381</cvename>
      <cvename>CVE-2023-1084</cvename>
      <url>https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/</url>
    </references>
    <dates>
      <discovery>2023-03-02</discovery>
      <entry>2023-03-03</entry>
    </dates>
  </vuln>

  <vuln vid="6dccc186-b824-11ed-b695-6c3be5272acd">
    <topic>Grafana -- Stored XSS in text panel plugin</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>9.2.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.2.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/">
	  <p>During an internal audit of Grafana on January 1, a member of the security
	  team found a stored XSS vulnerability affecting the core text plugin.</p>
	  <p>The stored XSS vulnerability requires several user interactions in order
	  to be fully exploited. The vulnerability was possible due to React’s render
	  cycle that will pass through the unsanitized HTML code, but in the next cycle,
	  the HTML is cleaned up and saved in Grafana’s database.</p>
	  <p>The CVSS score for this vulnerability is 6.4 Medium
	  (CVSS:6.4/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22462</cvename>
      <url>https://github.com/grafana/grafana/security/advisories/GHSA-7rqg-hjwc-6mjf</url>
    </references>
    <dates>
      <discovery>2023-01-01</discovery>
      <entry>2023-03-01</entry>
    </dates>
  </vuln>

  <vuln vid="e7841611-b808-11ed-b695-6c3be5272acd">
    <topic>Grafana -- Stored XSS in TraceView panel</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><lt>8.5.21</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.13</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.8</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><lt>8.5.21</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge><lt>9.2.13</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/">
	  <p>During an internal audit of Grafana on January 30, a member
	  of the engineering team found a stored XSS vulnerability affecting
	  the <code>TraceView</code> panel.</p>
	  <p>The stored XSS vulnerability was possible because the value of a span’s
	  attributes/resources were not properly sanitized, and this will be rendered
	  when the span’s attributes/resources are expanded.</p>
	  <p>The CVSS score for this vulnerability is 7.3 High
	  (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0594</cvename>
      <url>https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/</url>
    </references>
    <dates>
      <discovery>2023-01-30</discovery>
      <entry>2023-03-01</entry>
    </dates>
  </vuln>

  <vuln vid="e2a8e2bd-b808-11ed-b695-6c3be5272acd">
    <topic>Grafana -- Stored XSS in geomap panel plugin via attribution</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><lt>8.5.21</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.13</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.8</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><lt>8.5.21</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge><lt>9.2.13</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/">
	  <p>During an internal audit of Grafana on January 25, a member of the security
	  team found a stored XSS vulnerability affecting the core geomap plugin.</p>
	  <p>The stored XSS vulnerability was possible because map attributions weren’t
	  properly sanitized, allowing arbitrary JavaScript to be executed in the context
	  of the currently authorized user of the Grafana instance.</p>
	  <p>The CVSS score for this vulnerability is 7.3 High
	  (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0507</cvename>
      <url>https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/</url>
    </references>
    <dates>
      <discovery>2023-01-25</discovery>
      <entry>2023-03-01</entry>
    </dates>
  </vuln>

  <vuln vid="b17bce48-b7c6-11ed-b304-080027f5fec9">
    <topic>redis -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.0.9</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.0.9.20230228</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><lt>6.2.11</lt></range>
      </package>
      <package>
	<name>redis6</name>
	<range><lt>6.0.18</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Redis core team	reports:</p>
	<blockquote cite="https://groups.google.com/g/redis-db/c/3hQ1oTO4hMI">
	  <dl>
	    <dt>CVE-2023-25155</dt>
	    <dd>
	      Specially crafted SRANDMEMBER, ZRANDMEMBER, and
	      HRANDFIELD commands can trigger an integer overflow,
	      resulting in a runtime assertion and termination of the
	      Redis server process.
	    </dd>
	    <dt>CVE-2022-36021</dt>
	    <dd>
	      String matching commands (like SCAN or KEYS) with a
	      specially crafted pattern to trigger a denial-of-service
	      attack on Redis, causing it to hang and consume 100% CPU
	      time.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-25155</cvename>
      <cvename>CVE-2022-36021</cvename>
      <url>https://groups.google.com/g/redis-db/c/3hQ1oTO4hMI</url>
    </references>
    <dates>
      <discovery>2023-02-28</discovery>
      <entry>2023-03-01</entry>
    </dates>
  </vuln>

  <vuln vid="a75929bd-b6a4-11ed-bad6-080027f5fec9">
    <topic>emacs -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>emacs</name>
	<name>emacs-canna</name>
	<name>emacs-nox</name>
	<range><lt>28.2_3,3</lt></range>
      </package>
      <package>
	<name>emacs-devel</name>
	<name>emacs-devel-nox</name>
	<range><lt>30.0.50.20230101,3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Xi Lu reports:</p>
	<blockquote cite="https://www.debian.org/security/2023/dsa-5360">
	  <dl>
	    <dt>CVE-2022-48337</dt>
	    <dd>
	      GNU Emacs through 28.2 allows attackers to execute
	      commands via shell metacharacters in the name of a
	      source-code file, because lib-src/etags.c uses the
	      system C library function in its implementation of the
	      etags program. For example, a victim may use the
	      &quot;etags -u *&quot; command (suggested in the etags
	      documentation) in a situation where the current working
	      directory has contents that depend on untrusted input.
	    </dd>
	    <dt>CVE-2022-48338</dt>
	    <dd>
	      An issue was discovered in GNU Emacs through 28.2. In
	      ruby-mode.el, the ruby-find-library-file function has a
	      local command injection vulnerability. The
	      ruby-find-library-file function is an interactive
	      function, and bound to C-c C-f. Inside the function, the
	      external command gem is called through
	      shell-command-to-string, but the feature-name parameters
	      are not escaped. Thus, malicious Ruby source files may
	      cause commands to be executed.
	    </dd>
	    <dt>CVE-2022-48339</dt>
	    <dd>
	      An issue was discovered in GNU Emacs through
	      28.2. htmlfontify.el has a command injection
	      vulnerability. In the hfy-istext-command function, the
	      parameter file and parameter srcdir come from external
	      input, and parameters are not escaped. If a file name or
	      directory name contains shell metacharacters, code may
	      be executed.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-48337</cvename>
      <cvename>CVE-2022-48338</cvename>
      <cvename>CVE-2022-48339</cvename>
      <url>https://www.debian.org/security/2023/dsa-5360</url>
    </references>
    <dates>
      <discovery>2022-12-06</discovery>
      <entry>2023-02-27</entry>
    </dates>
  </vuln>

  <vuln vid="dd271de6-b444-11ed-9268-b42e991fc52e">
    <topic>freerdp -- clients using the `/video` command line switch might read uninitialized data</topic>
    <affects>
      <package>
	<name>freerdp</name>
	<range><lt>2.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE reports:</p>
      <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39283">
	<p>
	  All FreeRDP based clients when using the `/video`
	  command line switch might read uninitialized data, decode
	  it as audio/video and display the result. FreeRDP based
	  server implementations are not affected.
	</p>
      </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-39283</cvename>
      <url>https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh</url>
    </references>
    <dates>
      <discovery>2022-10-13</discovery>
      <entry>2023-02-24</entry>
    </dates>
  </vuln>

  <vuln vid="c682923d-b444-11ed-9268-b42e991fc52e">
    <topic>freerdp -- clients using `/parallel` command line switch might read uninitialized data</topic>
    <affects>
      <package>
	<name>freerdp</name>
	<range><lt>2.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE reports:</p>
      <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39282">
	<p>
	  FreeRDP based clients on unix systems using
	  `/parallel` command line switch might read uninitialized
	  data and send it to the server the client is currently
	  connected to. FreeRDP based server implementations are not
	  affected.
	</p>
      </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-39282</cvename>
      <url>https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq</url>
    </references>
    <dates>
      <discovery>2022-10-13</discovery>
      <entry>2023-02-24</entry>
    </dates>
  </vuln>

  <vuln vid="4d6b5ea9-bc64-4e77-a7ee-d62ba68a80dd">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>110.0.5481.177</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>110.0.5481.177</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html">
	 <p>This update includes 10 security fixes:</p>
	 <ul>
	   <li>[1415366] Critical CVE-2023-0941: Use after free in Prompts. Reported by Anonymous on 2023-02-13</li>
	   <li>[1414738] High CVE-2023-0927: Use after free in Web Payments API. Reported by Rong Jian of VRI on 2023-02-10</li>
	   <li>[1309035] High CVE-2023-0928: Use after free in SwiftShader. Reported by Anonymous on 2022-03-22</li>
	   <li>[1399742] High CVE-2023-0929: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2022-12-09</li>
	   <li>[1410766] High CVE-2023-0930: Heap buffer overflow in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-27</li>
	   <li>[1407701] High CVE-2023-0931: Use after free in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-17</li>
	   <li>[1413005] High CVE-2023-0932: Use after free in WebRTC. Reported by Omri Bushari (Talon Cyber Security) on 2023-02-05</li>
	   <li>[1404864] Medium CVE-2023-0933: Integer overflow in PDF. Reported by Zhiyi Zhang from Codesafe Team of Legendsec at QI-ANXIN</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0941</cvename>
      <cvename>CVE-2023-0927</cvename>
      <cvename>CVE-2023-0928</cvename>
      <cvename>CVE-2023-0929</cvename>
      <cvename>CVE-2023-0930</cvename>
      <cvename>CVE-2023-0931</cvename>
      <cvename>CVE-2023-0932</cvename>
      <cvename>CVE-2023-0933</cvename>
      <url>https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html</url>
    </references>
    <dates>
      <discovery>2023-02-22</discovery>
      <entry>2023-02-22</entry>
    </dates>
  </vuln>

  <vuln vid="7a425536-74f7-4ce4-9768-0079a9d44d11">
    <topic>zeek -- potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>5.0.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v5.0.6">
	  <p> Receiving DNS responses from async DNS requests (via
	  the lookup_addr, etc BIF methods) with the TTL set to
	  zero could cause the DNS manager to eventually stop being
	  able to make new requests. </p>
	  <p> Specially-crafted FTP packets with excessively long
	  usernames, passwords, or other fields could cause log
	  writes to use large amounts of disk space. </p>
	  <p> The find_all and find_all_ordered BIF methods could
	  take extremely large amounts of time to process incoming
	  data depending on the size of the input. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v5.0.7</url>
    </references>
    <dates>
      <discovery>2023-02-21</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="421c0af9-b206-11ed-9fe5-f4a47516fb57">
    <topic>libde256 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>libde265</name>
	<range><lt>1.0.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Libde265 developer reports:</p>
	<blockquote cite="https://github.com/strukturag/libde265/releases/tag/v1.0.10">
	  <p>This release fixes the known CVEs below. Many of them are actually caused by the same underlying issues that manifest in different ways.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-21594</cvename>
      <cvename>CVE-2020-21595</cvename>
      <cvename>CVE-2020-21596</cvename>
      <cvename>CVE-2020-21597</cvename>
      <cvename>CVE-2020-21598</cvename>
      <cvename>CVE-2020-21599</cvename>
      <cvename>CVE-2020-21600</cvename>
      <cvename>CVE-2020-21601</cvename>
      <cvename>CVE-2020-21602</cvename>
      <cvename>CVE-2020-21603</cvename>
      <cvename>CVE-2020-21604</cvename>
      <cvename>CVE-2020-21605</cvename>
      <cvename>CVE-2020-21606</cvename>
      <cvename>CVE-2022-1253</cvename>
      <cvename>CVE-2022-43236</cvename>
      <cvename>CVE-2022-43237</cvename>
      <cvename>CVE-2022-43238</cvename>
      <cvename>CVE-2022-43239</cvename>
      <cvename>CVE-2022-43240</cvename>
      <cvename>CVE-2022-43241</cvename>
      <cvename>CVE-2022-43242</cvename>
      <cvename>CVE-2022-43243</cvename>
      <cvename>CVE-2022-43244</cvename>
      <cvename>CVE-2022-43245</cvename>
      <cvename>CVE-2022-43248</cvename>
      <cvename>CVE-2022-43249</cvename>
      <cvename>CVE-2022-43250</cvename>
      <cvename>CVE-2022-43252</cvename>
      <cvename>CVE-2022-43253</cvename>
      <cvename>CVE-2022-47655</cvename>
      <url>https://github.com/strukturag/libde265/releases/tag/v1.0.10</url>
    </references>
    <dates>
      <discovery>2023-01-27</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="21f12de8-b1db-11ed-b0f4-002590f2a714">
    <topic>git -- "git apply" overwriting paths outside the working tree</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.39.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>git team reports:</p>
	<blockquote cite="https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh">
	  <p>By feeding a crafted input to "git apply", a path outside the
	    working tree can be overwritten as the user who is running "git
	    apply".</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-23946</cvename>
      <url>https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-23946</url>
    </references>
    <dates>
      <discovery>2023-02-14</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="9548d6ed-b1da-11ed-b0f4-002590f2a714">
    <topic>git -- Local clone-based data exfiltration with non-local transports</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.39.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>git team reports:</p>
	<blockquote cite="https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q">
	  <p>Using a specially-crafted repository, Git can be tricked into using
	    its local clone optimization even when using a non-local transport.
	    Though Git will abort local clones whose source $GIT_DIR/objects
	    directory contains symbolic links (c.f., CVE-2022-39253), the objects
	    directory itself may still be a symbolic link.</p>

	  <p>These two may be combined to include arbitrary files based on known
	    paths on the victim's filesystem within the malicious repository's
	    working copy, allowing for data exfiltration in a similar manner as
	    CVE-2022-39253.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22490</cvename>
      <url>https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-22490</url>
    </references>
    <dates>
      <discovery>2023-02-14</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="8fafbef4-b1d9-11ed-b0f4-002590f2a714">
    <topic>git -- gitattributes parsing integer overflow</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.39.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>git team reports:</p>
	<blockquote cite="https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89">
	  <p>gitattributes are used to define unique attributes corresponding
	    to paths in your repository. These attributes are defined by
	    .gitattributes file(s) within your repository.</p>

	  <p>The parser used to read these files has multiple integer
	    overflows, which can occur when parsing either a large number
	    of patterns, a large number of attributes, or attributes with
	    overly-long names.</p>

	  <p>These overflows may be triggered via a malicious
	    .gitattributes file. However, Git automatically splits lines at
	    2KB when reading .gitattributes from a file, but not when parsing
	    it from the index. Successfully exploiting this vulnerability
	    depends on the location of the .gitattributes file in question.</p>

	  <p>This integer overflow can result in arbitrary heap reads
	    and writes, which may result in remote code execution.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23521</cvename>
      <url>https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-23521</url>
    </references>
    <dates>
      <discovery>2023-01-17</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="2fcca7e4-b1d7-11ed-b0f4-002590f2a714">
    <topic>git -- Heap overflow in `git archive`, `git log --format` leading to RCE</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.39.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The git team reports:</p>
	<blockquote cite="https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq">
	  <p>git log has the ability to display commits using an arbitrary
	    format with its --format specifiers. This functionality is also
	    exposed to git archive via the export-subst gitattribute.</p>
	  <p>When processing the padding operators (e.g., %&#x3c;(, %&#x3c;|(,
	    %>(, %>>(, or %>&#x3c;( ), an integer overflow can occur in
	    pretty.c::format_and_pad_commit() where a size_t is improperly
	    stored as an int, and then added as an offset to a subsequent
	    memcpy() call.</p>
	  <p>This overflow can be triggered directly by a user running a
	    command which invokes the commit formatting machinery (e.g., git
	    log --format=...). It may also be triggered indirectly through
	    git archive via the export-subst mechanism, which expands format
	    specifiers inside of files within the repository during a git
	    archive.</p>
	  <p>This integer overflow can result in arbitrary heap writes, which
	    may result in remote code execution.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41903</cvename>
      <url>https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-41903</url>
    </references>
    <dates>
      <discovery>2023-01-17</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="5048ed45-b0f1-11ed-ab04-9106b1b896dd">
    <topic>gitea -- password hash quality</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.18.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22942">
	  <p>This PR refactors and improves the password hashing code within
	    gitea and makes it possible for server administrators to set the
	    password hashing parameters.</p>
	  <p>In addition it takes the opportunity to adjust the settings for
	    pbkdf2 in order to make the hashing a little stronger.</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22823">
	  <p>Add command to bulk set must-change-password</p>
	  <p>As part of administration sometimes it is appropriate to
	    forcibly tell users to update their passwords.</p>
	  <p>This PR creates a new command gitea admin user
	    must-change-password which will set the MustChangePassword flag on
	    the provided users.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.io/2023/02/gitea-1.18.4-is-released/</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.18.4</url>
    </references>
    <dates>
      <discovery>2022-02-14</discovery>
      <entry>2023-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="428922c9-b07e-11ed-8700-5404a68ad561">
    <topic>traefik -- Use of vulnerable Go module x/net/http2</topic>
    <affects>
      <package>
	<name>traefik</name>
	<range><lt>2.9.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://pkg.go.dev/vuln/GO-2023-1495">
	  <p>A request smuggling attack is possible when using
       MaxBytesHandler. When using MaxBytesHandler, the body of
       an HTTP request is not fully consumed. When the server
       attempts to read HTTP2 frames from the connection, it
       will instead be reading the body of the HTTP request,
       which could be attacker-manipulated to represent
       arbitrary HTTP2 requests.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41721</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41721</url>
    </references>
    <dates>
      <discovery>2022-10-22</discovery>
      <entry>2023-02-19</entry>
    </dates>
  </vuln>

  <vuln vid="27c822a0-addc-11ed-a9ee-dca632b19f10">
    <topic>Rundeck3 -- Log4J RCE vulnerability</topic>
    <affects>
      <package>
	<name>rundeck3</name>
	<range><lt>3.4.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Rundeck project reports:</p>
	<blockquote cite="https://docs.rundeck.com/docs/history/3_4_x/version-3.4.10.html">
	  <p>This release updates both Community and Enterprise with the latest Log4J
	    to address CVE-2021-44832 by updating it to 2.17.1.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44832</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832</url>
    </references>
    <dates>
      <discovery>2021-12-11</discovery>
      <entry>2023-02-16</entry>
    </dates>
  </vuln>

  <vuln vid="8e20430d-a72b-11ed-a04f-40b034455553">
    <topic>MinIO -- unprivileged users can create service accounts for admin users</topic>
    <affects>
      <package>
	<name>minio</name>
	<range><lt>2022.04.12.06.55.35</lt></range>
      </package>
    </affects>
    <description>
      <body>
	<p>MinIO reports:</p>
	<blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q">
	  <p>
	      A security issue was found where an unprivileged user is
	      able to create service accounts for root or other admin
	      users and then is able to assume their access policies
	      via the generated credentials.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24842</cvename>
      <url>https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q</url>
    </references>
    <dates>
      <discovery>2022-04-11</discovery>
      <entry>2023-02-13</entry>
    </dates>
  </vuln>

  <vuln vid="fd792048-ad91-11ed-a879-080027f5fec9">
    <topic>clamav -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>clamav</name>
	<range><lt>1.0.1,1</lt></range>
      </package>
      <package>
	<name>clamav-lts</name>
	<range><lt>0.103.8,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon Scannell reports:</p>
	<blockquote cite="https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html">
	  <dl>
	    <dt>CVE-2023-20032</dt>
	    <dd>
	      Fixed a possible remote code execution vulnerability in the HFS+ file parser.
	    </dd>
	    <dt>CVE-2023-20052</dt>
	    <dd>
	      Fixed a possible remote information leak vulnerability in the DMG file parser.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-20032</cvename>
      <cvename>CVE-2023-20052</cvename>
      <url>https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html</url>
    </references>
    <dates>
      <discovery>2023-02-15</discovery>
      <entry>2023-02-16</entry>
    </dates>
  </vuln>

  <vuln vid="3d73e384-ad1f-11ed-983c-83fe35862e3a">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go119</name>
	<range><lt>1.19.6</lt></range>
      </package>
      <package>
	<name>go120</name>
	<range><lt>1.20.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/57274">
	  <p>path/filepath: path traversal in filepath.Clean on Windows</p>
	  <p>On Windows, the filepath.Clean function could transform
	    an invalid path such as a/../c:/b into the valid path
	    c:\b. This transformation of a relative (if invalid)
	    path into an absolute path could enable a directory
	    traversal attack. The filepath.Clean function will now
	    transform this path into the relative (but still
	    invalid) path .\c:\b.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/58006">
	  <p>net/http, mime/multipart: denial of service from excessive
	    resource consumption</p>
	  <p>Multipart form parsing with
	    mime/multipart.Reader.ReadForm can consume largely
	    unlimited amounts of memory and disk files. This also
	    affects form parsing in the net/http package with the
	    Request methods FormFile, FormValue, ParseMultipartForm,
	    and PostFormValue.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/58001">
	  <p>crypto/tls: large handshake records may cause panics</p>
	  <p>
	    Both clients and servers may send large TLS handshake
	    records which cause servers and clients,
	    respectively, to panic when attempting to construct responses.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/57855">
	  <p>net/http: avoid quadratic complexity in HPACK decoding</p>
	  <p>A maliciously crafted HTTP/2 stream could cause
	    excessive CPU consumption in the HPACK decoder,
	    sufficient to cause a denial of service from a small
	    number of small requests.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41722</cvename>
      <cvename>CVE-2022-41725</cvename>
      <cvename>CVE-2022-41724</cvename>
      <cvename>CVE-2022-41723</cvename>
      <url>https://groups.google.com/g/golang-dev/c/G2APtTxT1HQ/m/6O6aksDaBAAJ</url>
    </references>
    <dates>
      <discovery>2023-02-14</discovery>
      <entry>2023-02-15</entry>
    </dates>
  </vuln>

  <vuln vid="9c9ee9a6-ac5e-11ed-9323-080027d3a315">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py37-django32</name>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<range><lt>3.2.18</lt></range>
      </package>
      <package>
	<name>py38-django40</name>
	<name>py39-django40</name>
	<name>py310-django40</name>
	<range><lt>4.0.10</lt></range>
      </package>
      <package>
	<name>py38-django41</name>
	<name>py39-django41</name>
	<name>py310-django41</name>
	<range><lt>4.1.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2023/feb/14/security-releases/">
	  <p>CVE-2023-24580: Potential denial-of-service vulnerability in file uploads.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-24580</cvename>
      <url>https://www.djangoproject.com/weblog/2023/feb/14/security-releases/</url>
    </references>
    <dates>
      <discovery>2023-02-01</discovery>
      <entry>2023-02-14</entry>
    </dates>
  </vuln>

  <vuln vid="0a7a5dfb-aba4-11ed-be2c-001cc0382b2f">
    <topic>GnuTLS -- timing sidechannel in RSA decryption</topic>
    <affects>
      <package>
	<name>gnutls</name>
	<range><lt>3.7.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The GnuTLS project reports:</p>
	<blockquote cite="https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14">
	  <p>A vulnerability was found that the response times to malformed RSA
	    ciphertexts in ClientKeyExchange differ from response times of
	    ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext
	    processing is affected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0361</cvename>
      <url>https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14</url>
    </references>
    <dates>
      <discovery>2023-02-10</discovery>
      <entry>2023-02-13</entry>
    </dates>
  </vuln>

  <vuln vid="3eccc968-ab17-11ed-bd9e-589cfc0f81b0">
    <topic>phpmyfaq -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><lt>3.1.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2022-10-24">
	  <p>a bypass to flood admin with FAQ proposals</p>
	  <p>stored XSS in questions</p>
	  <p>stored HTML injections</p>
	  <p>weak passwords </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c/</url>
      <url>https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f/</url>
      <url>https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024/</url>
      <url>https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61/</url>
      <url>https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5/</url>
      <url>https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156/</url>
      <url>https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d/</url>
      <url>https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f/</url>
      <url>https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9/</url>
      <url>https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb/</url>
    </references>
    <dates>
      <discovery>2023-02-12</discovery>
      <entry>2023-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="310ca30e-a951-11ed-8314-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>110.0.5481.77</lt></range>
      </package>
      <package>
	<name>ungoogled-chromium</name>
	<range><lt>110.0.5481.77</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html">
	  <p>This release contains 15 security fixes, including:</p>
	  <ul>
	    <li>[1402270] High CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST Hacking Lab on 2022-12-18</li>
	    <li>[1341541] High CVE-2023-0697: Inappropriate implementation in Full screen mode. Reported by Ahmed ElMasry on 2022-07-03</li>
	    <li>[1403573] High CVE-2023-0698: Out of bounds read in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2022-12-25</li>
	    <li>[1371859] Medium CVE-2023-0699: Use after free in GPU. Reported by 7o8v and Cassidy Kim(@cassidy6564) on 2022-10-06</li>
	    <li>[1393732] Medium CVE-2023-0700: Inappropriate implementation in Download. Reported by Axel Chong on 2022-11-26</li>
	    <li>[1405123] Medium CVE-2023-0701: Heap buffer overflow in WebUI. Reported by Sumin Hwang of SSD Labs on 2023-01-05</li>
	    <li>[1316301] Medium CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri on 2022-04-14</li>
	    <li>[1405574] Medium CVE-2023-0703: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-07</li>
	    <li>[1385982] Low CVE-2023-0704: Insufficient policy enforcement in DevTools. Reported by Rhys Elsmore and Zac Sims of the Canva security team on 2022-11-18</li>
	    <li>[1238642] Low CVE-2023-0705: Integer overflow in Core. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-11</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0696</cvename>
      <cvename>CVE-2023-0697</cvename>
      <cvename>CVE-2023-0698</cvename>
      <cvename>CVE-2023-0699</cvename>
      <cvename>CVE-2023-0700</cvename>
      <cvename>CVE-2023-0701</cvename>
      <cvename>CVE-2023-0702</cvename>
      <cvename>CVE-2023-0703</cvename>
      <cvename>CVE-2023-0704</cvename>
      <cvename>CVE-2023-0705</cvename>
      <url>https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-02-07</discovery>
      <entry>2023-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="7a8b6170-a889-11ed-bbae-6cc21735f730">
    <topic>PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.</topic>
    <affects>
      <package>
	<name>postgresql15-client</name>
	<range><lt>15.2</lt></range>
      </package>
      <package>
	<name>postgresql14-client</name>
	<range><lt>14.7</lt></range>
      </package>
      <package>
	<name>postgresql13-client</name>
	<range><lt>13.10</lt></range>
      </package>
      <package>
	<name>postgresql12-client</name>
	<range><lt>12.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL Project reports:</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2022-41862/">
	  <p>
	    A modified, unauthenticated server can send an
	    unterminated string during the establishment of Kerberos
	    transport encryption. When a libpq client application
	    has a Kerberos credential cache and doesn't explicitly
	    disable option gssencmode, a server can cause libpq to
	    over-read and report an error message containing
	    uninitialized bytes from and following its receive
	    buffer. If libpq's caller somehow makes that message
	    accessible to the attacker, this achieves a disclosure
	    of the over-read bytes. We have not confirmed or ruled
	    out viability of attacks that arrange for a crash or for
	    presence of notable, confidential information in
	    disclosed bytes.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41862</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2022-41862/</url>
    </references>
    <dates>
      <discovery>2023-02-09</discovery>
      <entry>2023-02-09</entry>
    </dates>
  </vuln>

  <vuln vid="ecffb881-a7a7-11ed-8d6a-6c3be5272acd">
    <topic>Grafana -- Stored XSS in ResourcePicker component</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>8.1.0</ge><lt>8.5.16</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.1.0</ge><lt>8.5.16</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/">
	  <p>On 2022-12-16 during an internal audit of Grafana, a member of the security
	  team found a stored XSS vulnerability affecting the core plugin GeoMap.</p>
	  <p>The stored XSS vulnerability was possible due to SVG-files weren't properly
	  sanitized and allowed arbitrary JavaScript to be executed in the context
	  of the currently authorized user of the Grafana instance.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23552</cvename>
      <url>https://github.com/grafana/grafana/security/advisories/GHSA-8xmm-x63g-f6xv</url>
    </references>
    <dates>
      <discovery>2022-12-16</discovery>
      <entry>2023-02-09</entry>
    </dates>
  </vuln>

  <vuln vid="e6281d88-a7a7-11ed-8d6a-6c3be5272acd">
    <topic>Grafana -- Spoofing originalUrl of snapshots</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>8.0.0</ge><lt>8.5.16</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.0.0</ge><lt>8.5.16</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/">
	  <p>A third-party penetration test of Grafana found a vulnerability
	  in the snapshot functionality. The value of the originalUrl parameter
	  is automatically generated. The purpose of the presented originalUrl parameter
	  is to provide a user who views the snapshot with the possibility to click
	  on the <strong>Local Snapshot</strong> button in the Grafana web UI
	  and be presented with the dashboard that the snapshot captured. The value
	  of the originalUrl parameter can be arbitrarily chosen by a malicious user that
	  creates the snapshot. (Note: This can be done by editing the query thanks
	  to a web proxy like Burp.)</p>
	  <p>We have assessed this vulnerability as having a CVSS score of 6.7 MEDIUM
	  (CVSS:6.7/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-39324</cvename>
      <url>https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw</url>
    </references>
    <dates>
      <discovery>2023-01-25</discovery>
      <entry>2023-02-09</entry>
    </dates>
  </vuln>

  <vuln vid="1dd84344-a7da-11ed-86e9-d4c9ef517024">
    <topic>LibreSSL -- Arbitrary memory read</topic>
    <affects>
      <package>
	<name>libressl</name>
	<range><lt>3.5.4</lt></range>
      </package>
      <package>
	<name>libressl-devel</name>
	<range><lt>3.6.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenBSD project reports:</p>
	<blockquote cite="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.4-relnotes.txt">
	  <p>A malicious certificate revocation list or timestamp response token
	    would allow an attacker to read arbitrary memory.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.4-relnotes.txt</url>
    </references>
    <dates>
      <discovery>2023-02-08</discovery>
      <entry>2023-02-08</entry>
    </dates>
  </vuln>

  <vuln vid="6cc63bf5-a727-4155-8ec4-68b626475e68">
    <topic>xorg-server -- Security issue in the X server</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<name>xephyr</name>
	<name>xorg-vfbserver</name>
	<range><lt>21.1.7,1</lt></range>
      </package>
      <package>
	<name>xorg-nestserver</name>
	<range><lt>21.1.7,2</lt></range>
      </package>
      <package>
	<name>xwayland</name>
	<range><lt>22.1.8,1</lt></range>
      </package>
      <package>
	<name>xwayland-devel</name>
	<range><lt>21.0.99.1.386</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2023-February/003320.html">
	  <ul>
	    <li>CVE-2023-0494/ZDI-CAN-19596: X.Org Server DeepCopyPointerClasses
	    use-after-free

	    <p>A dangling pointer in DeepCopyPointerClasses can be exploited by
	    ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read/write into
	    freed memory.</p></li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.x.org/archives/xorg-announce/2023-February/003320.html</url>
      <cvename>CVE-2023-0494</cvename>
    </references>
    <dates>
      <discovery>2023-02-07</discovery>
      <entry>2023-02-08</entry>
    </dates>
  </vuln>

  <vuln vid="b34c1947-a749-11ed-b24b-1c61b4739ac9">
    <topic>TightVNC -- Muliple Vulnerabilities</topic>
    <affects>
      <package>
	<name>tightvnc</name>
	<range><le>1.3.10_6</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8287">
	  <p>TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.</p>
	</blockquote>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15678">
	  <p>TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.</p>
	</blockquote>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15679">
	  <p>TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.</p>
	</blockquote>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15680">
	  <p>TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-8287</cvename>
      <cvename>CVE-2019-15678</cvename>
      <cvename>CVE-2019-15679</cvename>
      <cvename>CVE-2019-15680</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8287</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15678</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15679</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15680</url>
    </references>
    <dates>
      <discovery>2019-02-12</discovery>
      <entry>2023-02-08</entry>
    </dates>
  </vuln>

  <vuln vid="648a432c-a71f-11ed-86e9-d4c9ef517024">
    <topic>OpenSSL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1t,1</lt></range>
      </package>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.8</lt></range>
      </package>
      <package>
	<name>openssl-quictls</name>
	<range><lt>3.0.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20230207.txt">
	  <p>X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) (High):
	    There is a type confusion vulnerability relating to X.400 address processing
	    inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
	    the public structure definition for GENERAL_NAME incorrectly specified the type
	    of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
	    the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
	    ASN1_STRING.</p>
	  <p>Timing Oracle in RSA Decryption (CVE-2022-4304) (Moderate):
	    A timing based side channel exists in the OpenSSL RSA Decryption implementation
	    which could be sufficient to recover a plaintext across a network in a
	    Bleichenbacher style attack. To achieve a successful decryption an attacker
	    would have to be able to send a very large number of trial messages for
	    decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
	    RSA-OEAP and RSASVE.</p>
	  <p>X.509 Name Constraints Read Buffer Overflow (CVE-2022-4203) (Moderate):
	    A read buffer overrun can be triggered in X.509 certificate verification,
	    specifically in name constraint checking. Note that this occurs
	    after certificate chain signature verification and requires either a
	    CA to have signed the malicious certificate or for the application to
	    continue certificate verification despite failure to construct a path
	    to a trusted issuer.</p>
	  <p>Use-after-free following BIO_new_NDEF (CVE-2023-0215) (Moderate):
	    The public API function BIO_new_NDEF is a helper function used for streaming
	    ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the
	    SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by
	    end user applications.</p>
	  <p>Double free after calling PEM_read_bio_ex (CVE-2022-4450) (Moderate):
	    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
	    decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
	    If the function succeeds then the "name_out", "header" and "data" arguments are
	    populated with pointers to buffers containing the relevant decoded data. The
	    caller is responsible for freeing those buffers. It is possible to construct a
	    PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
	    will return a failure code but will populate the header argument with a pointer
	    to a buffer that has already been freed. If the caller also frees this buffer
	    then a double free will occur. This will most likely lead to a crash. This
	    could be exploited by an attacker who has the ability to supply malicious PEM
	    files for parsing to achieve a denial of service attack.</p>
	  <p>Invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216) (Moderate):
	    An invalid pointer dereference on read can be triggered when an
	    application tries to load malformed PKCS7 data with the
	    d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.</p>
	  <p>NULL dereference validating DSA public key (CVE-2023-0217) (Moderate):
	    An invalid pointer dereference on read can be triggered when an
	    application tries to check a malformed DSA public key by the
	    EVP_PKEY_public_check() function. This will most likely lead
	    to an application crash. This function can be called on public
	    keys supplied from untrusted sources which could allow an attacker
	    to cause a denial of service attack.</p>
	  <p>NULL dereference during PKCS7 data verification (CVE-2023-0401) (Moderate):
	    A NULL pointer can be dereferenced when signatures are being
	    verified on PKCS7 signed or signedAndEnveloped data. In case the hash
	    algorithm used for the signature is known to the OpenSSL library but
	    the implementation of the hash algorithm is not available the digest
	    initialization will fail. There is a missing check for the return
	    value from the initialization function which later leads to invalid
	    usage of the digest API most likely leading to a crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0286</cvename>
      <cvename>CVE-2022-4304</cvename>
      <cvename>CVE-2022-4203</cvename>
      <cvename>CVE-2023-0215</cvename>
      <cvename>CVE-2022-4450</cvename>
      <cvename>CVE-2023-0216</cvename>
      <cvename>CVE-2023-0401</cvename>
      <url>https://www.openssl.org/news/secadv/20230207.txt</url>
    </references>
    <dates>
      <discovery>2023-02-07</discovery>
      <entry>2023-02-07</entry>
    </dates>
  </vuln>

  <vuln vid="c49a880d-a5bb-11ed-aab5-080027de9982">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py37-django32</name>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<range><lt>3.2.17</lt></range>
      </package>
      <package>
	<name>py38-django40</name>
	<name>py39-django40</name>
	<name>py310-django40</name>
	<range><lt>4.0.9</lt></range>
      </package>
      <package>
	<name>py38-django41</name>
	<name>py39-django41</name>
	<name>py310-django41</name>
	<range><lt>4.1.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2023/feb/01/security-releases/">
	  <p>CVE-2023-23969: Potential denial-of-service via Accept-Language headers.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-23969</cvename>
      <url>https://www.djangoproject.com/weblog/2023/feb/01/security-releases/</url>
    </references>
    <dates>
      <discovery>2023-02-01</discovery>
      <entry>2023-02-06</entry>
    </dates>
  </vuln>

  <vuln vid="01823528-a4c1-11ed-b6af-b42e991fc52e">
    <topic>kafka -- Denial Of Service vulnerability</topic>
    <affects>
      <package>
	<name>kafka</name>
	<range><lt>3.3.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NIST reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-36518">
	  <p>jackson-databind before 2.13.0 allows a Java StackOverflow
	    exception and denial of service via a large depth of nested
	    objects.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-36518</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-36518</url>
    </references>
    <dates>
      <discovery>2022-03-11</discovery>
      <entry>2023-02-04</entry>
    </dates>
  </vuln>

  <vuln vid="d835c54f-a4bd-11ed-b6af-b42e991fc52e">
    <topic>node_exporter -- bypass security with cache poisoning</topic>
    <affects>
      <package>
	<name>node_exporter</name>
	<range><lt>1.5.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Prometheus team reports:</p>
	<blockquote cite="https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p">
	<p>
	  Prometheus and its exporters can be secured by a web.yml file that
	  specifies usernames and hashed passwords for basic authentication.
	  Passwords are hashed with bcrypt, which means that even if you have
	  access to the hash, it is very hard to find the original password
	  back. Passwords are hashed with bcrypt, which means that even if you
	  have access to the hash, it is very hard to find the original
	  password back. However, a flaw in the way this mechanism was
	  implemented in the exporter toolkit makes it possible with people
	  who know the hashed password to authenticate against Prometheus.
	  A request can be forged by an attacker to poison the internal cache
	  used to cache the computation of hashes and make subsequent requests
	  successful. This cache is used in both happy and unhappy scenarios
	  in order to limit side channel attacks that could tell an attacker
	  if a user is present in the file or not.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-46146</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46146</url>
    </references>
    <dates>
      <discovery>2021-11-28</discovery>
      <entry>2023-02-04</entry>
    </dates>
  </vuln>

  <vuln vid="8dd438ed-a338-11ed-b48b-589cfc0f81b0">
    <topic>Asterisk -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>asterisk18</name>
	<range><lt>18.15.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories/">
	  <p>AST-2022-007: Remote Crash Vulnerability in H323 channel add on</p>
	  <p>AST-2022-008: Use after free in res_pjsip_pubsub.c</p>
	  <p>AST-2022-009: GetConfig AMI Action can read files outside of
	    Asterisk directory</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-37325</cvename>
      <cvename>CVE-2022-42705</cvename>
      <cvename>CVE-2022-42706</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-007.html</url>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-008.html</url>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-009.html</url>
    </references>
    <dates>
      <discovery>2022-12-01</discovery>
      <entry>2023-02-02</entry>
    </dates>
  </vuln>

  <vuln vid="c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18">
    <topic>Spotipy -- Path traversal vulnerability</topic>
    <affects>
      <package>
	<name>py37-spotipy</name>
	<name>py38-spotipy</name>
	<name>py39-spotipy</name>
	<name>py310-spotipy</name>
	<name>py311-spotipy</name>
	<range><le>2.22.0</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Stéphane Bruckert</p>
  <blockquote cite="https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v">
	  <p>If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-23608</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23608</url>
      <url>https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v</url>
    </references>
    <dates>
      <discovery>2023-01-16</discovery>
      <entry>2023-02-02</entry>
    </dates>
  </vuln>

  <vuln vid="2b5fc9c4-eaca-46e0-83d0-9b10c51c4b1b">
    <topic>zeek -- potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>5.0.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v5.0.6">
	  <p> A missing field in the SMB FSControl script-land record could
	  cause a heap buffer overflow when receiving packets containing
	  those header types. </p>
	  <p> Receiving a series of packets that start with HTTP/1.0
	  and then switch to HTTP/0.9 could cause Zeek to spend a
	  large amount of time processing the packets. </p>
	  <p> Receiving large numbers of FTP commands sequentially
	  from the network with bad data in them could cause Zeek
	  to spend a large amount of time processing the packets,
	  and generate a large amount of events. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v5.0.6</url>
    </references>
    <dates>
      <discovery>2023-02-01</discovery>
      <entry>2023-02-01</entry>
    </dates>
  </vuln>

  <vuln vid="ee890be3-a1ec-11ed-a81d-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.8.0</ge><lt>15.8.1</lt></range>
	<range><ge>15.7.0</ge><lt>15.7.6</lt></range>
	<range><ge>12.4.0</ge><lt>15.6.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/01/31/security-release-gitlab-15-8-1-released/">
	  <p>Denial of Service via arbitrarily large Issue descriptions</p>
	  <p>CSRF via file upload allows an attacker to take over a repository</p>
	  <p>Sidekiq background job DoS by uploading malicious CI job artifact zips</p>
	  <p>Sidekiq background job DoS by uploading a malicious Helm package</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3411</cvename>
      <cvename>CVE-2022-4138</cvename>
      <cvename>CVE-2022-3759</cvename>
      <cvename>CVE-2023-0518</cvename>
      <url>https://about.gitlab.com/releases/2023/01/31/security-release-gitlab-15-8-1-released/</url>
    </references>
    <dates>
      <discovery>2023-01-31</discovery>
      <entry>2023-02-01</entry>
    </dates>
  </vuln>

  <vuln vid="98f78c7a-a08e-11ed-946e-002b67dfc673">
    <topic>Plex Media Server -- security vulnerability</topic>
    <affects>
      <package>
	<name>plexmediaserver</name>
	<name>plexmediaserver-plexpass</name>
	<range><lt>1.25.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Plex Security Team reports:</p>
	<blockquote cite="https://forums.plex.tv/t/security-regarding-cve-2021-42835/761510">
	  <p>We have recently been made aware of a security vulnerability in Plex Media Server versions prior to 1.25.0 that could allow a local Windows user to obtain administrator privileges without authorization. To be clear, this required the user to already have local, physical access to the computer (just with a different user account on Windows). There are no indications that this exploit could be used from a remote machine.</p>
	  <p>Plex Media Server versions 1.25.0.5282 and newer are not subject to this vulnerability, and feature additional hardening to prevent similar issues from occurring in the future. Users running older server versions are encouraged to update their Plex Media Server installations.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-42835</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42835</url>
    </references>
    <dates>
      <discovery>2021-10-22</discovery>
      <entry>2023-01-30</entry>
    </dates>
  </vuln>

  <vuln vid="791a09c5-a086-11ed-954d-b42e991fc52e">
    <topic>prometheus2 -- basic authentication bypass</topic>
    <affects>
      <package>
	<name>prometheus</name>
	<range><lt>0.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Prometheus team reports:</p>
	<blockquote cite="https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p">
	<p>
	  Prometheus and its exporters can be secured by a web.yml file that
	  specifies usernames and hashed passwords for basic authentication.
	  Passwords are hashed with bcrypt, which means that even if you have
	  access to the hash, it is very hard to find the original password
	  back. Passwords are hashed with bcrypt, which means that even if you
	  have access to the hash, it is very hard to find the original
	  password back. However, a flaw in the way this mechanism was
	  implemented in the exporter toolkit makes it possible with people
	  who know the hashed password to authenticate against Prometheus.
	  A request can be forged by an attacker to poison the internal cache
	  used to cache the computation of hashes and make subsequent requests
	  successful. This cache is used in both happy and unhappy scenarios
	  in order to limit side channel attacks that could tell an attacker
	    if a user is present in the file or not.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-46146</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46146</url>
    </references>
    <dates>
      <discovery>2022-11-28</discovery>
      <entry>2023-01-30</entry>
    </dates>
  </vuln>

  <vuln vid="3d0a3eb0-9ca3-11ed-a925-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>109.0.5414.119</lt></range>
      </package>
      <package>
	<name>ungoogled-chromium</name>
	<range><lt>109.0.5414.119</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html">
	  <p>This release contains 6 security fixes, including:</p>
	  <ul>
	    <li>[1376354] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19</li>
	    <li>[1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06</li>
	    <li>[1404639] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03</li>
	    <li>[1400841] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0471</cvename>
      <cvename>CVE-2023-0472</cvename>
      <cvename>CVE-2023-0473</cvename>
      <cvename>CVE-2023-0474</cvename>
      <url>https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html</url>
    </references>
    <dates>
      <discovery>2023-01-24</discovery>
      <entry>2023-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="b0e1fa2b-9c86-11ed-9296-002b67dfc673">
    <topic>re2c -- uncontrolled recursion</topic>
    <affects>
      <package>
	<name>re2c</name>
	<range><lt>2.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>re2c reports:</p>
	<blockquote cite="https://github.com/advisories/GHSA-pgr8-gpgg-9j5m">
	  <p>re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2018-21232</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2018-21232</url>
    </references>
    <dates>
      <discovery>2022-05-24</discovery>
      <entry>2023-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="b8a0fea2-9be9-11ed-8acf-0800277bb8a8">
    <topic>gitea -- information disclosure</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.18.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22566">
	  <p>Prevent multiple To recipients: Change the mailer interface to
	    prevent leaking of possible hidden email addresses when sending
	    to multiple recipients.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.io/2023/01/gitea-1.18.3-is-released/</url>
    </references>
    <dates>
      <discovery>2022-01-22</discovery>
      <entry>2023-01-24</entry>
    </dates>
  </vuln>

  <vuln vid="7844789a-9b1f-11ed-9a3f-b42e991fc52e">
    <topic>net/krill -- DoS vulnerability</topic>
    <affects>
      <package>
	<name>krill</name>
	<range><lt>0.12.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0158">
	<p>
		NLnet Labs Krill supports direct access to the RRDP repository
		content through its built-in web server at the "/rrdp" endpoint.
		Prior to 0.12.1 a direct query for any existing directory under
		"/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml"
		as would be expected, causes Krill to crash. If the built-in "/rrdp"
		endpoint is exposed directly to the internet, then malicious remote
		parties can cause the publication server to crash. The repository
		content is not affected by this, but the availability of the server
		and repository can cause issues if this attack is persistent and is
		not mitigated. .
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0158</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0158</url>
    </references>
    <dates>
      <discovery>2023-01-10</discovery>
      <entry>2023-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="bba3f684-9b1d-11ed-9a3f-b42e991fc52e">
    <topic>www/awstats -- Partial absolute pathname</topic>
    <affects>
      <package>
	<name>awstats</name>
	<range><lt>7.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176">
	  <p>It seems #90 is not completely fixed in 7.8.
	    (that is, even after CVE-2017-1000501 and CVE-2020-29600 are fixed).
	  In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a
	  partial absolute pathname (omitting the initial /etc), even
	  though it was intended to only read a file in the /etc/awstats/awstats.conf format.
	  NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-35176</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176</url>
    </references>
    <dates>
      <discovery>2022-12-11</discovery>
      <entry>2023-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="b6f7ad7d-9b19-11ed-9a3f-b42e991fc52e">
    <topic>net/eternalterminal -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>eternalterminal</name>
	<range><lt>6.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mitre reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48257">
	  <p>etserver and etclient have predictable logfile names in
	    /tmp and they are world-readable logfiles</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-48257</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48257</url>
      <cvename>CVE-2022-48258</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48258</url>
    </references>
    <dates>
      <discovery>2023-01-13</discovery>
      <entry>2023-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="28b69630-9b10-11ed-97a6-6805ca2fa271">
    <topic>powerdns-recursor -- denial of service</topic>
    <affects>
      <package>
	<name>powerdns-recursor</name>
	<range><ge>4.8.0</ge><lt>4.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PowerDNS Team reports:</p>
	<blockquote cite="https://blog.powerdns.com/2023/01/20/security-advisory-2023-01-for-powerdns-recursor-4-8-0/">
	  <p>PowerDNS Security Advisory 2023-01: unbounded recursion results in program termination</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22617</cvename>
      <url>https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-01.html</url>
    </references>
    <dates>
      <discovery>2023-01-20</discovery>
      <entry>2023-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="a3b10c9b-99d9-11ed-aa55-d05099fed512">
	  <topic>shells/fish -- arbitrary code execution via git</topic>
    <affects>
      <package>
	<name>fish</name>
	<range><ge>3.1.0</ge><lt>3.4.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Peter Ammon reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2022-20001">
	<p>
		fish is a command line shell. fish version 3.1.0 through
		version 3.3.1 is vulnerable to arbitrary code execution.
		git repositories can contain per-repository
		configuration that change the behavior of git, including
		running arbitrary commands. When using the default
		configuration of fish, changing to a directory
		automatically runs git commands in order to display
		information about the current repository in the prompt.
		If an attacker can convince a user to change their
		current directory into one controlled by the attacker,
		such as on a shared file system or extracted archive,
		fish will run arbitrary commands under the attacker's
		control. This problem has been fixed in fish 3.4.0. Note
		that running git in these directories, including using
		the git tab completion, remains a potential trigger for
		this issue. As a workaround, remove the
		fish_git_prompt function from the prompt.
	    </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-20001</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20001</url>
    </references>
    <dates>
      <discovery>2021-12-26</discovery>
      <entry>2023-01-21</entry>
    </dates>
  </vuln>

  <vuln vid="dc49f6dc-99d2-11ed-86e9-d4c9ef517024">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql-connector-c++</name>
	<range><lt>8.0.33</lt></range>
      </package>
      <package>
	<name>mysql-connector-odbc</name>
	<range><lt>8.0.33</lt></range>
      </package>
      <package>
	<name>mysql-client57</name>
	<range><lt>5.7.42</lt></range>
      </package>
      <package>
	<name>mysql-server57</name>
	<range><lt>5.7.42</lt></range>
      </package>
      <package>
	<name>mysql-client80</name>
	<range><lt>8.0.33</lt></range>
      </package>
      <package>
	<name>mysql-server80</name>
	<range><lt>8.0.33</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL">
	  <p>This Critical Patch Update contains 37 new security patches for
	    Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable
	    without authentication, i.e., may be exploited over a network withouti
	    requiring user credentials.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-32221</cvename>
      <cvename>CVE-2022-24407</cvename>
      <cvename>CVE-2022-24407</cvename>
      <cvename>CVE-2022-3171</cvename>
      <cvename>CVE-2022-1941</cvename>
      <cvename>CVE-2023-21868</cvename>
      <cvename>CVE-2023-21860</cvename>
      <cvename>CVE-2023-21875</cvename>
      <cvename>CVE-2023-21869</cvename>
      <cvename>CVE-2023-21877</cvename>
      <cvename>CVE-2023-21880</cvename>
      <cvename>CVE-2023-21872</cvename>
      <cvename>CVE-2023-21871</cvename>
      <cvename>CVE-2023-21836</cvename>
      <cvename>CVE-2023-21887</cvename>
      <cvename>CVE-2023-21863</cvename>
      <cvename>CVE-2023-21864</cvename>
      <cvename>CVE-2023-21865</cvename>
      <cvename>CVE-2023-21866</cvename>
      <cvename>CVE-2023-21867</cvename>
      <cvename>CVE-2023-21870</cvename>
      <cvename>CVE-2023-21873</cvename>
      <cvename>CVE-2023-21876</cvename>
      <cvename>CVE-2023-21878</cvename>
      <cvename>CVE-2023-21879</cvename>
      <cvename>CVE-2023-21881</cvename>
      <cvename>CVE-2023-21883</cvename>
      <cvename>CVE-2023-21840</cvename>
      <cvename>CVE-2023-21882</cvename>
      <cvename>CVE-2023-21874</cvename>
      <url>https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL</url>
    </references>
    <dates>
      <discovery>2023-01-20</discovery>
      <entry>2023-01-21</entry>
    </dates>
  </vuln>

  <vuln vid="005dfb48-990d-11ed-b9d3-589cfc0f81b0">
    <topic>phpmyfaq -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><lt>3.1.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2022-10-24">
	  <p>phpMyFAQ does not implement sufficient checks to avoid a stored
	    XSS in "Add new question"</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid a stored XSS
	    in admin user page</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid a stored XSS
	    in FAQ comments</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid a blind
	    stored XSS in admin open question page</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid a reflected
	    XSS in the admin backend login</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid stored XSS
	    on user, category, FAQ, news and configuration admin backend</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid weak passwords</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde/</url>
      <url>https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215/</url>
      <url>https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69/</url>
      <url>https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a/</url>
      <url>https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6/</url>
      <url>https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9/</url>
      <url>https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857/</url>
      <url>https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67/</url>
      <url>https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256/</url>
    </references>
    <dates>
      <discovery>2023-01-15</discovery>
      <entry>2023-01-20</entry>
    </dates>
  </vuln>

  <vuln vid="95176ba5-9796-11ed-bfbf-080027f5fec9">
    <topic>rack -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>rubygem-rack</name>
	<range><lt>3.0.4.1,3</lt></range>
      </package>
      <package>
	<name>rubygem-rack22</name>
	<range><lt>2.2.6.2,3</lt></range>
      </package>
      <package>
	<name>rubygem-rack16</name>
	<range><lt>1.6.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Aaron Patterson reports:</p>
	<blockquote cite="https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md">
	  <dl>
	    <dt>CVE-2022-44570</dt>
	    <dd>
	      Carefully crafted input can cause the Range header
	      parsing component in Rack to take an unexpected amount
	      of time, possibly resulting in a denial of service
	      attack vector. Any applications that deal with Range
	      requests (such as streaming applications, or
	      applications that serve files) may be impacted.
	    </dd>
	    <dt>CVE-2022-44571</dt>
	    <dd>
	      Carefully crafted input can cause Content-Disposition
	      header parsing in Rack to take an unexpected amount of
	      time, possibly resulting in a denial of service attack
	      vector. This header is used typically used in multipart
	      parsing. Any applications that parse multipart posts
	      using Rack (virtually all Rails applications) are
	      impacted.
	    </dd>
	    <dt>CVE-2022-44572</dt>
	    <dd>
	      Carefully crafted input can cause RFC2183 multipart
	      boundary parsing in Rack to take an unexpected amount of
	      time, possibly resulting in a denial of service attack
	      vector. Any applications that parse multipart posts
	      using Rack (virtually all Rails applications) are
	      impacted.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-44570</cvename>
      <cvename>CVE-2022-44571</cvename>
      <cvename>CVE-2022-44572</cvename>
      <url>https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md</url>
      <url>https://github.com/advisories/GHSA-65f5-mfpf-vfhj</url>
      <url>https://github.com/advisories/GHSA-93pm-5p5f-3ghx</url>
      <url>https://github.com/advisories/GHSA-rqv2-275x-2jq5</url>
    </references>
    <dates>
      <discovery>2023-01-17</discovery>
      <entry>2023-01-19</entry>
    </dates>
  </vuln>

  <vuln vid="00919005-96a3-11ed-86e9-d4c9ef517024">
    <topic>Apache httpd -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.55</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache httpd project reports:</p>
	<blockquote cite="https://downloads.apache.org/httpd/CHANGES_2.4.55">
	  <p>mod_dav out of bounds read, or write of zero byte (CVE-2006-20001)
	    (moderate)</p>
	  <p>mod_proxy_ajp Possible request smuggling (CVE-2022-36760) (moderate)</p>
	  <p>mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response
	    splitting (CVE-2022-37436) (moderate)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-37436</cvename>
      <cvename>CVE-2022-36760</cvename>
      <cvename>CVE-2006-20001</cvename>
      <url>https://downloads.apache.org/httpd/CHANGES_2.4.55</url>
    </references>
    <dates>
      <discovery>2023-01-17</discovery>
      <entry>2023-01-17</entry>
    </dates>
  </vuln>

  <vuln vid="5fa68bd9-95d9-11ed-811a-080027f5fec9">
    <topic>redis -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.0.8</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.0.8.20230116</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><lt>6.2.9</lt></range>
      </package>
      <package>
	<name>redis6</name>
	<range><lt>6.0.17</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Redis core team reports:</p>
	<blockquote cite="https://github.com/redis/redis/releases/tag/7.0.8">
	  <dl>
	    <dt>CVE-2022-35977</dt>
	    <dd>
	      Integer overflow in the Redis SETRANGE and SORT/SORT_RO
	      commands can drive Redis to OOM panic.
	    </dd>
	    <dt>CVE-2023-22458</dt>
	    <dd>
	      Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
	      commands can lead to denial-of-service.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-35977</cvename>
      <cvename>CVE-2023-22458</cvename>
      <url>https://github.com/redis/redis/releases/tag/7.0.8</url>
    </references>
    <dates>
      <discovery>2023-01-16</discovery>
      <entry>2023-01-16</entry>
    </dates>
  </vuln>

  <vuln vid="9d9e9439-959e-11ed-b464-b42e991fc52e">
    <topic>security/keycloak -- Multiple possible DoS attacks</topic>
    <affects>
      <package>
	<name>keycloak</name>
	<range><lt>20.0.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>CIRCL reports:</p>
	<blockquote cite="https://cve.circl.lu/cve/CVE-2022-41966">
	    <ul>
	      <li>CVE-2022-41966: XStream serializes Java objects to XML
	      and back again.
	      Versions prior to 1.4.20 may allow a remote attacker
	      to terminate the application with a stack
	      overflow error, resulting in a denial of
	      service only via manipulation the
	      processed input stream.
	      </li>
	      <li>CVE-2022-40151: If the parser is running on user
	      supplied input, an attacker may supply content that
	      causes the parser to crash by stackoverflow. This
	      effect may support a denial of service attack.
	      </li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-40151</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151</url>
      <cvename>CVE-2022-41966</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41966</url>
    </references>
    <dates>
      <discovery>2022-09-07</discovery>
      <entry>2023-01-16</entry>
    </dates>
  </vuln>

  <vuln vid="847f16e5-9406-11ed-a925-3065ec8fd3ec">
    <topic>security/tor -- SOCKS4(a) inversion bug</topic>
    <affects>
      <package>
	<name>tor</name>
	<range><lt>0.4.7.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Tor Project reports:</p>
	<blockquote cite="https://gitlab.torproject.org/tpo/core/tor/-/issues/40730">
	  <p>TROVE-2022-002: The SafeSocks option for SOCKS4(a) is inverted leading to SOCKS4 going through</p>
	  <p>This is a report from hackerone:<br/>
	     We have classified this as medium considering that tor was not defending in-depth for dangerous SOCKS request and so any user relying on SafeSocks 1 to make sure they don't link DNS leak and their Tor traffic wasn't safe afterall for SOCKS4(a).
	     Tor Browser doesn't use SafeSocks 1 and SOCKS4 so at least the likely vast majority of users are not affected.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://hackerone.com/bugs?subject=torproject&amp;report_id=1784589</url>
      <url>https://gitlab.torproject.org/tpo/core/tor/-/issues/40730</url>
    </references>
    <dates>
      <discovery>2023-01-12</discovery>
      <entry>2023-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="76e2fcce-92d2-11ed-a635-080027f5fec9">
    <topic>emacs -- arbitary shell command execution vulnerability of ctags</topic>
    <affects>
      <package>
	<name>emacs</name>
	<name>emacs-canna</name>
	<name>emacs-nox</name>
	<range><lt>28.2_2,3</lt></range>
      </package>
      <package>
	<name>emacs-devel</name>
	<name>emacs-devel-nox</name>
	<range><lt>30.0.50.202211128,2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>lu4nx reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2022-45939">
	  <p>
	    GNU Emacs through 28.2 allows attackers to execute
	    commands via shell metacharacters in the name of a
	    source-code file, because lib-src/etags.c uses the system
	    C library function in its implementation of the ctags
	    program. For example, a victim may use the "ctags *"
	    command (suggested in the ctags documentation) in a
	    situation where the current working directory has contents
	    that depend on untrusted input.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-45939</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-45939</url>
    </references>
    <dates>
      <discovery>2022-11-28</discovery>
      <entry>2023-01-12</entry>
    </dates>
  </vuln>

  <vuln vid="53caf29b-9180-11ed-acbe-b42e991fc52e">
    <topic>cassandra3 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>cassandra3</name>
	<range><lt>3.11.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cassandra tema reports:</p>
	<blockquote cite="https://gitbox.apache.org/repos/asf?p=cassandra.git;a=blob_plain;f=CHANGES.txt;hb=refs/tags/cassandra-3.11.14">
	  <p>This release contains 6 security fixes including</p>
	  <ul>
	      <li>CVE-2022-24823: When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory</li>
	      <li>CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header.</li>
	      <li>CVE-2019-2684: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE</li>
	      <li>CVE-2022-25857: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.</li>
	      <li>CVE-2022-42003: In FasterXML jackson-databind, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.</li>
	      <li>CVE-2022-42004: In FasterXML jackson-databind, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24823</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24823</url>
      <cvename>CVE-2020-7238</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238</url>
      <cvename>CVE-2019-2684</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684</url>
      <cvename>CVE-2022-25857</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857</url>
      <cvename>CVE-2022-42003</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003</url>
      <cvename>CVE-2022-42004</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004</url>
    </references>
    <dates>
      <discovery>2023-01-11</discovery>
      <entry>2023-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="60624f63-9180-11ed-acbe-b42e991fc52e">
    <topic>cassandra3 -- arbitrary code execution</topic>
    <affects>
      <package>
	<name>cassandra3</name>
	<range><lt>3.11.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Marcus Eriksson reports:</p>
	<blockquote cite="https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356">
	  <p>
	  When running Apache Cassandra with
	  the following configuration:
	  enable_user_defined_functions: true
	  enable_scripted_user_defined_functions: true
	  enable_user_defined_functions_threads: false
	  it is possible for an attacker to execute arbitrary code on
	  the host. The attacker would need to have enough permissions
	  to create user defined functions in the cluster to be able
	  to exploit this.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44521</cvename>
      <url>https://www.cvedetails.com/cve/CVE-2021-44521</url>
    </references>
    <dates>
      <discovery>2022-02-11</discovery>
      <entry>2023-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="b3fd12ea-917a-11ed-acbe-b42e991fc52e">
    <topic>cassandra3 -- jBCrypt integer overflow</topic>
    <affects>
      <package>
	<name>cassandra3</name>
	<range><lt>3.11.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>mindrot project reports:</p>
	<blockquote cite="http://www.mindrot.org/projects/jBCrypt/news/rel04.html">
	  <p>There is an integer overflow that
	  occurs with very large log_rounds values, first reported by
	  Marcus Rathsfeld.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2015-0886</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0886</url>
    </references>
    <dates>
      <discovery>2015-01-30</discovery>
      <entry>2023-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="9fa7b139-c1e9-409e-bed0-006aadcf5845">
    <topic>xorg-server -- Multiple security issues in X server extensions</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<name>xephyr</name>
	<name>xorg-vfbserver</name>
	<range><lt>21.1.5,1</lt></range>
      </package>
      <package>
	<name>xorg-nestserver</name>
	<range><lt>21.1.5,2</lt></range>
      </package>
      <package>
	<name>xwayland</name>
	<range><lt>22.1.6,1</lt></range>
      </package>
      <package>
	<name>xwayland-devel</name>
	<range><lt>21.0.99.1.319</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2022-December/003302.html">
	  <ul>
	    <li>CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack
	    overflow

	    <p>The swap handler for the XTestFakeInput request of the XTest extension
	    may corrupt the stack if GenericEvents with lengths larger than 32 bytes
	    are sent through a the XTestFakeInput request.</p>

	    <p>This issue does not affect systems where client and server use the same
	    byte order.</p></li>

	    <li>CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab
	    out-of-bounds access

	    <p>The handler for the XIPassiveUngrab request accesses out-of-bounds
	    memory when invoked with a high keycode or button code.</p></li>

	    <li>CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify
	    use-after-free

	    <p>The handler for the XvdiSelectVideoNotify request may write to memory
	    after it has been freed.</p></li>

	    <li>CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes
	    use-after-free

	    <p>The handler for the ScreenSaverSetAttributes request may write to memory
	    after it has been freed.</p></li>

	    <li>CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty
	    out-of-bounds access

	    <p>The handler for the XIChangeProperty request has a length-validation
	    issues, resulting in out-of-bounds memory reads and potential
	    information disclosure.</p></li>

	    <li>CVE-2022-4283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free

	    <p>The XkbCopyNames function left a dangling pointer to freed memory,
	    resulting in out-of-bounds memory access on subsequent XkbGetKbdByName
	    requests.</p></li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.x.org/archives/xorg-announce/2022-December/003302.html</url>
      <cvename>CVE-2022-46340</cvename>
      <cvename>CVE-2022-46341</cvename>
      <cvename>CVE-2022-46342</cvename>
      <cvename>CVE-2022-46343</cvename>
      <cvename>CVE-2022-46344</cvename>
      <cvename>CVE-2022-4283</cvename>
    </references>
    <dates>
      <discovery>2022-12-14</discovery>
      <entry>2023-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="3a023570-91ab-11ed-8950-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.7.0</ge><lt>15.7.2</lt></range>
	<range><ge>15.6.0</ge><lt>15.6.4</lt></range>
	<range><ge>6.6.0</ge><lt>15.5.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/">
	  <p>Race condition on gitlab.com enables verified email forgery and third-party account hijacking</p>
	  <p>DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint</p>
	  <p>Maintainer can leak sentry token by changing the configured URL</p>
	  <p>Maintainer can leak masked webhook secrets by changing target URL of the webhook</p>
	  <p>Cross-site scripting in wiki changes page affecting self-hosted instances running without strict CSP</p>
	  <p>Group access tokens continue to work after owner loses ability to revoke them</p>
	  <p>Users' avatar disclosure by user ID in private GitLab instances</p>
	  <p>Arbitrary Protocol Redirection in GitLab Pages</p>
	  <p>Regex DoS due to device-detector parsing user agents</p>
	  <p>Regex DoS in the Submodule Url Parser</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-4037</cvename>
      <cvename>CVE-2022-3613</cvename>
      <cvename>CVE-2022-4365</cvename>
      <cvename>CVE-2022-4342</cvename>
      <cvename>CVE-2022-3573</cvename>
      <cvename>CVE-2022-4167</cvename>
      <cvename>CVE-2022-3870</cvename>
      <cvename>CVE-2023-0042</cvename>
      <cvename>CVE-2022-4131</cvename>
      <cvename>CVE-2022-3514</cvename>
      <url>https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/</url>
    </references>
    <dates>
      <discovery>2023-01-09</discovery>
      <entry>2023-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="7b929503-911d-11ed-a925-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>109.0.5414.74</lt></range>
      </package>
      <package>
	<name>ungoogled-chromium</name>
	<range><lt>109.0.5414.74</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html">
	  <p>This release contains 17 security fixes, including:</p>
	  <ul>
	    <li>[1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16</li>
	    <li>[1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07</li>
	    <li>[1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30</li>
	    <li>[1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28</li>
	    <li>[1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05</li>
	    <li>[1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17</li>
	    <li>[1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17</li>
	    <li>[1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18</li>
	    <li>[1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26</li>
	    <li>[1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10</li>
	    <li>[1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23</li>
	    <li>[1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24</li>
	    <li>[1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18</li>
	    <li>[1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0128</cvename>
      <cvename>CVE-2023-0129</cvename>
      <cvename>CVE-2023-0130</cvename>
      <cvename>CVE-2023-0131</cvename>
      <cvename>CVE-2023-0132</cvename>
      <cvename>CVE-2023-0133</cvename>
      <cvename>CVE-2023-0134</cvename>
      <cvename>CVE-2023-0135</cvename>
      <cvename>CVE-2023-0136</cvename>
      <cvename>CVE-2023-0137</cvename>
      <cvename>CVE-2023-0138</cvename>
      <cvename>CVE-2023-0139</cvename>
      <cvename>CVE-2023-0140</cvename>
      <cvename>CVE-2023-0141</cvename>
      <url>https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-01-10</discovery>
      <entry>2023-01-10</entry>
    </dates>
  </vuln>

  <vuln vid="59c284f4-8d2e-11ed-9ce0-b42e991fc52e">
    <topic>net-mgmt/cacti is vulnerable to remote command injection</topic>
    <affects>
      <package>
	<name>cacti</name>
	<range><lt>1.2.23</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>cacti team reports:</p>
	<blockquote cite="https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf">
	<p>
	    A command injection vulnerability allows an
	    unauthenticated user to execute arbitrary code on a server
	    running Cacti, if a specific data source was selected for
	    any monitored device.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-46169</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-46169</url>
    </references>
    <dates>
      <discovery>2022-12-05</discovery>
      <entry>2023-01-05</entry>
      <modified>2023-01-09</modified>
    </dates>
  </vuln>

  <vuln vid="541696ed-8d12-11ed-af80-ecf4bbc0bda0">
    <topic>devel/viewvc-devel is vulnerable to cross-site scripting</topic>
    <affects>
      <package>
	<name>py37-viewvc-devel</name>
	<name>py38-viewvc-devel</name>
	<name>py39-viewvc-devel</name>
	<range><lt>1.3.0.20230104</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>C. Michael Pilato reports:</p>
	<blockquote cite="https://github.com/viewvc/viewvc/releases/tag/1.1.30">
	  <p>security fix: escape revision view copy paths (#311) [CVE-2023-22464]</p>
	</blockquote>
	<blockquote cite="https://github.com/viewvc/viewvc/releases/tag/1.1.29">
	  <p>security fix: escape revision view changed paths (#311) [CVE-2023-22456]</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22464</cvename>
      <cvename>CVE-2023-22456</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22464</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22456</url>
    </references>
    <dates>
      <discovery>2023-01-04</discovery>
      <entry>2023-01-05</entry>
    </dates>
  </vuln>

  <vuln vid="5b2eac07-8b4d-11ed-8b23-a0f3c100ae18">
    <topic>rxvt-unicode is vulnerable to a remote code execution</topic>
    <affects>
      <package>
	<name>rxvt-unicode</name>
	<range><lt>9.31</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Marc Lehmann reports:</p>
	<blockquote cite="http://lists.schmorp.de/pipermail/rxvt-unicode/2023q1/002638.html">
	  <p>The biggest issue is resolving CVE-2022-4170, which allows command
	     execution inside urxvt from within the terminal (that means anything that
	     can output text in the terminal can start commands in the context of the
	     urxvt process, even remotely).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-4170</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-4170</url>
    </references>
    <dates>
      <discovery>2022-12-05</discovery>
      <entry>2023-01-03</entry>
    </dates>
  </vuln>

  <vuln vid="86c330fe-bbae-4ca7-85f7-5321e627a4eb">
    <topic>gitea -- multiple issues</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.18.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22219">
	  <p>Remove ReverseProxy authentication from the API</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/21139">
	  <p>Support Go Vulnerability Management</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/20935">
	  <p>Forbid HTML string tooltips</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.io/2022/12/gitea-1.18.0-is-released/</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.18.0</url>
    </references>
    <dates>
      <discovery>2022-08-23</discovery>
      <entry>2023-01-02</entry>
    </dates>
  </vuln>