path: root/security/vuxml/vuln/2023.xml

  <vuln vid="7015ab21-9230-490f-a2fe-f7557e3de25d">
    <topic>electron{26,27} -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron26</name>
	<range><lt>26.6.3</lt></range>
      </package>
      <package>
	<name>electron27</name>
	<range><lt>27.2.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v26.6.3">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-6508.</li>
	    <li>Security: backported fix for CVE-2023-7024.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-6508</cvename>
      <url>https://github.com/advisories/GHSA-3pr6-6r34-c98x</url>
      <cvename>CVE-2023-7024</cvename>
      <url>https://github.com/advisories/GHSA-7c6v-f3h8-2x89</url>
    </references>
    <dates>
      <discovery>2023-12-21</discovery>
      <entry>2023-12-22</entry>
    </dates>
  </vuln>

  <vuln vid="b2765c89-a052-11ee-bed2-596753f1a87c">
    <topic>gitea -- Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.21.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/28519">
	  <p>Update golang.org/x/crypto</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.21.3</url>
    </references>
    <dates>
      <discovery>2023-12-19</discovery>
      <entry>2023-12-21</entry>
    </dates>
  </vuln>

  <vuln vid="482bb980-99a3-11ee-b5f7-6bd56600d90c">
    <topic>gitea -- missing permission checks</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.21.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/28406">
	  <p>Fix missing check</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/28423">
	  <p>Do some missing checks</p>
	</blockquote>
	<p>By crafting an API request, attackers can access the contents of
	issues even though the logged-in user does not have access rights to
	these issues.</p>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.21.2</url>
    </references>
    <dates>
      <discovery>2023-08-30</discovery>
      <entry>2023-09-10</entry>
    </dates>
  </vuln>

  <vuln vid="0f7598cc-9fe2-11ee-b47f-901b0e9408dc">
    <topic>nebula -- security fix for terrapin vulnerability</topic>
    <affects>
      <package>
	<name>nebula</name>
	<range><lt>1.8.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Upstream reports:</p>
	<blockquote cite="https://github.com/slackhq/nebula/releases/tag/v1.8.1">
	  <p>Security fix:</p>
	  <ul>
	    <li>Update golang.org/x/crypto, which includes a fix for CVE-2023-48795.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-48795</cvename>
      <url>https://www.openssh.com/txt/release-9.6</url>
      <url>https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d</url>
      <url>https://terrapin-attack.com/</url>
    </references>
    <dates>
      <discovery>2023-10-16</discovery>
      <entry>2023-12-19</entry>
    </dates>
  </vuln>

  <vuln vid="1b2a8e8a-9fd5-11ee-86bb-a8a1599412c6">
    <topic>chromium -- security fix</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>120.0.6099.129</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>120.0.6099.129</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html">
	 <p>This update includes 1 security fix:</p>
	 <ul>
	    <li>[1513170] High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2023-12-19</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-7024</cvename>
      <url>https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html</url>
    </references>
    <dates>
      <discovery>2023-12-20</discovery>
      <entry>2023-12-21</entry>
    </dates>
  </vuln>

  <vuln vid="91955195-9ebb-11ee-bc14-a703705db3a6">
    <topic>putty -- add protocol extension against 'Terrapin attack'</topic>
    <affects>
      <package>
	<name>putty</name>
	<range><lt>0.80</lt></range>
      </package>
       <package>
	<name>putty-nogtk</name>
	<range><lt>0.80</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon Tatham reports:</p>
	<blockquote cite="https://lists.tartarus.org/pipermail/putty-announce/2023/000037.html">
		<p>PuTTY version 0.80 [contains] one security fix [...] for a newly discovered security issue known as the 'Terrapin'
   attack, also numbered CVE-2023-48795. The issue affects widely-used
   OpenSSH extensions to the SSH protocol: the ChaCha20+Poly1305
   cipher system, and 'encrypt-then-MAC' mode.</p>
   <p>In order to benefit from the fix, you must be using a fixed version
   of PuTTY _and_ a server with the fix, so that they can agree to
	   adopt a modified version of the protocol. [...]</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-48795</cvename>
      <url>https://lists.tartarus.org/pipermail/putty-announce/2023/000037.html</url>
      <url>https://www.openssh.com/txt/release-9.6</url>
      <url>https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html</url>
      <url>https://terrapin-attack.com/</url>
    </references>
    <dates>
      <discovery>2023-10-16</discovery>
      <entry>2023-12-19</entry>
    </dates>
  </vuln>

  <vuln vid="76c2110b-9e97-11ee-ae23-a0f3c100ae18">
    <topic>slurm-wlm -- Several security issues</topic>
    <affects>
      <package>
	<name>slurm-wlm</name>
	<range><lt>23.11.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Slurm releases notes:</p>
	<blockquote cite="https://www.schedmd.com/news.php?id=283#OPT_283">
	  <h1>Description</h1>
	  <h5>CVE-2023-49933 through CVE-2023-49938</h5>
	  <p>Slurm versions 23.11.1, 23.02.7, 22.05.11 are now available
	     and address a number of recently-discovered security issues.
	     They've been assigned CVE-2023-49933 through CVE-2023-49938.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-49933</cvename>
      <cvename>CVE-2023-49934</cvename>
      <cvename>CVE-2023-49935</cvename>
      <cvename>CVE-2023-49936</cvename>
      <cvename>CVE-2023-49937</cvename>
      <cvename>CVE-2023-49938</cvename>
    </references>
    <dates>
      <discovery>2023-11-29</discovery>
      <entry>2023-12-19</entry>
    </dates>
  </vuln>

  <vuln vid="fd47fcfe-ec69-4000-b9ce-e5e62102c1c7">
    <topic>couchdb -- information sharing via couchjs processes</topic>
    <affects>
      <package>
	<name>couchdb</name>
	<range><lt>3.3.2,2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Nick Vatamane reports:</p>
    <blockquote cite="https://docs.couchdb.org/en/stable/cve/2023-26268.html">
	<p>Design documents with matching document IDs, from databases on the
      same cluster, may share a mutable Javascript environment when using
      various design document functions.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-26268</cvename>
      <url>https://docs.couchdb.org/en/stable/cve/2023-26268.html</url>
    </references>
    <dates>
      <discovery>2023-05-02</discovery>
      <entry>2023-12-17</entry>
    </dates>
  </vuln>

  <vuln vid="e2fb85ce-9a3c-11ee-af26-001b217b3468">
    <topic>Gitlab -- vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>16.6.0</ge><lt>16.6.2</lt></range>
	<range><ge>16.5.0</ge><lt>16.5.4</lt></range>
	<range><ge>8.17.0</ge><lt>16.4.4</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/12/13/security-release-gitlab-16-6-2-released/">
	  <p>Smartcard authentication allows impersonation of arbitrary user using user's public certificate</p>
	  <p>When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge</p>
	  <p>The GitLab web interface does not ensure the integrity of information when downloading the source code from installation packages or tags</p>
	  <p>Project maintainer can escalate to Project owner using project access token rotate API</p>
	  <p>Omission of Double Encoding in File Names Facilitates the Creation of Repositories with Malicious Content</p>
	  <p>Unvalidated timeSpent value leads to unable to load issues on Issue board</p>
	  <p>Developer can bypass predefined variables via REST API</p>
	  <p>Auditor users can create merge requests on projects they don't have access to</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-6680</cvename>
      <cvename>CVE-2023-6564</cvename>
      <cvename>CVE-2023-6051</cvename>
      <cvename>CVE-2023-3907</cvename>
      <cvename>CVE-2023-5512</cvename>
      <cvename>CVE-2023-3904</cvename>
      <cvename>CVE-2023-5061</cvename>
      <cvename>CVE-2023-3511</cvename>
      <url>https://about.gitlab.com/releases/2023/12/13/security-release-gitlab-16-6-2-released/</url>
    </references>
    <dates>
      <discovery>2023-12-13</discovery>
      <entry>2023-12-14</entry>
    </dates>
  </vuln>

  <vuln vid="502c9f72-99b3-11ee-86bb-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>120.0.6099.109</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>120.0.6099.109</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html">
	 <p>This update includes 9 security fixes:</p>
	 <ul>
	    <li>[1501326] High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2023-11-10</li>
	    <li>[1502102] High CVE-2023-6703: Use after free in Blink. Reported by Cassidy Kim(@cassidy6564) on 2023-11-14</li>
	    <li>[1504792] High CVE-2023-6704: Use after free in libavif. Reported by Fudan University on 2023-11-23</li>
	    <li>[1505708] High CVE-2023-6705: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-11-28</li>
	    <li>[1500921] High CVE-2023-6706: Use after free in FedCM. Reported by anonymous on 2023-11-09</li>
	    <li>[1504036] Medium CVE-2023-6707: Use after free in CSS. Reported by @ginggilBesel on 2023-11-21</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-6702</cvename>
      <cvename>CVE-2023-6703</cvename>
      <cvename>CVE-2023-6704</cvename>
      <cvename>CVE-2023-6705</cvename>
      <cvename>CVE-2023-6706</cvename>
      <cvename>CVE-2023-6707</cvename>
      <url>https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html</url>
    </references>
    <dates>
      <discovery>2023-12-12</discovery>
      <entry>2023-12-13</entry>
    </dates>
  </vuln>

  <vuln vid="8eefff69-997f-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- NFS client data corruption and kernel memory disclosure</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>14.0</ge><lt>14.0_3</lt></range>
	<range><ge>13.2</ge><lt>13.2_8</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>In FreeBSD 13.2 and 14.0, the NFS client was optimized to improve
	the performance of IO_APPEND writes, that is, writes which add data
	to the end of a file and so extend its size.  This uncovered an old
	bug in some routines which copy userspace data into the kernel.
	The bug also affects the NFS client's implementation of direct I/O;
	however, this implementation is disabled by default by the
	vfs.nfs.nfs_directio_enable sysctl and is only used to handle
	synchronous writes.</p>
	<h1>Impact:</h1>
	<p>When a program running on an affected system appends data to a
	file via an NFS client mount, the bug can cause the NFS client to
	fail to copy in the data to be written but proceed as though the
	copy operation had succeeded.  This means that the data to be written
	is instead replaced with whatever data had been in the packet buffer
	previously.  Thus, an unprivileged user with access to an affected
	system may abuse the bug to trigger disclosure of sensitive
	information.  In particular, the leak is limited to data previously
	stored in mbufs, which are used for network transmission and
	reception, and for certain types of inter-process communication.</p>
	<p>The bug can also be triggered unintentionally by system
	applications, in which case the data written by the application to an
	NFS mount may be corrupted.  Corrupted data is written over the
	network to the NFS server, and thus also susceptible to being snooped
	by other hosts on the network.</p>
	<p>Note that the bug exists only in the NFS client; the version and
	implementation of the server has no effect on whether a given system
	is affected by the problem.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-6660</cvename>
      <freebsdsa>SA-23:18.nfsclient</freebsdsa>
    </references>
    <dates>
      <discovery>2023-12-12</discovery>
      <entry>2023-12-13</entry>
    </dates>
  </vuln>

  <vuln vid="972568d6-3485-40ab-80ff-994a8aaf9683">
    <topic>xorg-server -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<name>xephyr</name>
	<name>xorg-vfbserver</name>
	<range><lt>21.1.10,1</lt></range>
      </package>
      <package>
	<name>xorg-nestserver</name>
	<range><lt>21.1.10,2</lt></range>
      </package>
      <package>
	<name>xwayland</name>
	<range><lt>23.2.3,1</lt></range>
      </package>
      <package>
	<name>xwayland-devel</name>
	<range><lt>21.0.99.1.582</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.Org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2023-December/003435.html">
	  <ul>
	    <li>CVE-2023-6377/ZDI-CAN-22412/ZDI-CAN-22413: X.Org
	    server: Out-of-bounds memory write in XKB button actions

	    <p>A device has XKB button actions for each button on the
	    device. When a logical device switch happens (e.g. moving
	    from a touchpad to a mouse), the server re-calculates the
	    information available on the respective master device
	    (typically the Virtual Core Pointer). This re-calculation
	    only allocated enough memory for a single XKB action
	    rather instead of enough for the newly active physical
	    device's number of button. As a result, querying or
	    changing the XKB button actions results in out-of-bounds
	    memory reads and writes.</p>

	    <p>This may lead to local privilege escalation if the server is run as root or
	    remote code execution (e.g. x11 over ssh).</p></li>

	    <li>CVE-2023-6478/ZDI-CAN-22561: X.Org server:
	    Out-of-bounds memory read in RRChangeOutputProperty and
	    RRChangeProviderProperty

	    <p>This fixes an OOB read and the resulting information disclosure.</p>

	    <p>Length calculation for the request was clipped to a 32-bit integer. With
	    the correct stuff->nUnits value the expected request size was
	    truncated, passing the REQUEST_FIXED_SIZE check.</p>

	    <p>The server then proceeded with reading at least stuff->nUnits bytes
	    (depending on stuff->format) from the request and stuffing whatever it
	    finds into the property. In the process it would also allocate at least
	    stuff->nUnits bytes, i.e. 4GB.</p></li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.x.org/archives/xorg-announce/2023-December/003435.html</url>
      <cvename>CVE-2023-6377</cvename>
      <cvename>CVE-2023-6478</cvename>
    </references>
    <dates>
      <discovery>2023-12-13</discovery>
      <entry>2023-12-13</entry>
    </dates>
  </vuln>

  <vuln vid="4405e9ad-97fe-11ee-86bb-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>120.0.6099.62</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>120.0.6099.62</lt></range>
      </package>
      <package>
       <name>qt5-webengine</name>
       <range><lt>5.15.16.p5_2</lt></range>
      </package>
      <package>
       <name>qt6-webengine</name>
       <range><lt>6.6.1_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html">
	 <p>This update includes 10 security fixes:</p>
	 <ul>
	    <li>[1497984] High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564) on 2023-10-31</li>
	    <li>[1494565] High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21</li>
	    <li>[1480152] Medium CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car] on 2023-09-08</li>
	    <li>[1478613] Low CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-09-04</li>
	    <li>[1457702] Low CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip on 2023-06-24</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-6508</cvename>
      <cvename>CVE-2023-6509</cvename>
      <cvename>CVE-2023-6510</cvename>
      <cvename>CVE-2023-6511</cvename>
      <cvename>CVE-2023-6512</cvename>
      <url>https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-12-05</discovery>
      <entry>2023-12-11</entry>
    </dates>
  </vuln>

  <vuln vid="2bc376c0-977e-11ee-b4bc-b42e991fc52e">
    <topic>apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication</topic>
    <affects>
      <package>
	<name>zookeeper</name>
	<range><lt>3.7.2</lt></range>
       <range><ge>3.8.0</ge><lt>3.8.3</lt></range>
       <range><ge>3.9.0</ge><lt>3.9.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@apache.org reports:</p>
	<blockquote cite="http://www.openwall.com/lists/oss-security/2023/10/11/4">
	  <p>Authorization Bypass Through User-Controlled Key vulnerability in
	Apache ZooKeeper.  If SASL Quorum Peer authentication is enabled
	in ZooKeeper (quorum.auth.enableSasl=true), the authorization is
	done by verifying that the instance part in SASL authentication ID
	is listed in zoo.cfg server list.  The instance part in SASL auth
	ID is optional and if it&apos;s missing, like &apos;eve@EXAMPLE.COM&apos;,
	the authorization check will be skipped.As a result an arbitrary
	endpoint could join the cluster and begin propagating counterfeit
	changes to the leader, essentially giving it complete read-write
	access to the data tree.Quorum Peer authentication is not enabled
	by default.
	Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2,
	which fixes the issue.
	Alternately ensure the ensemble election/quorum communication is
	protected by a firewall as this will mitigate the issue.
	See the documentation for more details on correct cluster administration.
	</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-44981</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-44981</url>
    </references>
    <dates>
      <discovery>2023-10-11</discovery>
      <entry>2023-12-10</entry>
    </dates>
  </vuln>

  <vuln vid="e07a7754-12a4-4661-b852-fd221d68955f">
    <topic>electron25 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron25</name>
	<range><lt>25.9.8</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v25.9.8">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-6350.</li>
	    <li>Security: backported fix for CVE-2023-6351.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-6350</cvename>
      <url>https://github.com/advisories/GHSA-wmh6-7xp9-5gh8</url>
      <cvename>CVE-2023-6351</cvename>
      <url>https://github.com/advisories/GHSA-47vw-3hx2-6877</url>
    </references>
    <dates>
      <discovery>2023-12-06</discovery>
      <entry>2023-12-07</entry>
    </dates>
  </vuln>

  <vuln vid="9cbbc506-93c1-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- TCP spoofing vulnerability in pf(4)</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>14.0</ge><lt>14.0_2</lt></range>
	<range><ge>13.2</ge><lt>13.2_4</lt></range>
	<range><ge>12.4</ge><lt>12.4_6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>As part of its stateful TCP connection tracking implementation,
	pf performs sequence number validation on inbound packets.  This
	makes it difficult for a would-be attacker to spoof the sender and
	inject packets into a TCP stream, since crafted packets must contain
	sequence numbers which match the current connection state to avoid
	being rejected by the firewall.</p>
	<p>A bug in the implementation of sequence number validation means
	that the sequence number is not in fact validated, allowing an
	attacker who is able to impersonate the remote host and guess the
	connection's port numbers to inject packets into the TCP stream.</p>
	<h1>Impact:</h1>
	<p>An attacker can, with relatively little effort, inject packets
	into a TCP stream destined to a host behind a pf firewall.  This
	could be used to implement a denial-of-service attack for hosts
	behind the firewall, for example by sending TCP RST packets to the
	host.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-6534</cvename>
      <freebsdsa>SA-23:17.pf</freebsdsa>
    </references>
    <dates>
      <discovery>2023-12-05</discovery>
      <entry>2023-12-05</entry>
      <modified>2023-12-14</modified>
    </dates>
  </vuln>

  <vuln vid="f25a34b1-910d-11ee-a1a2-641c67a117d8">
    <topic>varnish -- HTTP/2 Rapid Reset Attack</topic>
    <affects>
      <package>
	<name>varnish7</name>
	<range><lt>7.4.2</lt></range>
      </package>
      <package>
	<name>varnish6</name>
	<range><lt>6.6.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Varnish Cache Project reports:</p>
	<blockquote cite="https://varnish-cache.org/security/VSV00013.html">
	  <p>A denial of service attack can be performed on Varnish Cache servers
	that have the HTTP/2 protocol turned on. An attacker can create a large
	volume of streams and immediately reset them without ever reaching the
	maximum number of concurrent streams allowed for the session, causing
	the Varnish server to consume unnecessary resources processing requests
	for which the response will not be delivered.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-44487</cvename>
      <url>https://varnish-cache.org/security/VSV00013.html</url>
    </references>
    <dates>
      <discovery>2023-11-13</discovery>
      <entry>2023-12-02</entry>
    </dates>
  </vuln>

  <vuln vid="3b14b2b4-9014-11ee-98b3-001b217b3468">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>16.6.0</ge><lt>16.6.1</lt></range>
	<range><ge>16.5.0</ge><lt>16.5.3</lt></range>
	<range><ge>8.13.0</ge><lt>16.4.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/">
	  <p>XSS and ReDoS in Markdown via Banzai pipeline of Jira</p>
	  <p>Members with admin_group_member custom permission can add members with higher role</p>
	  <p>Release Description visible in public projects despite release set as project members only through atom response</p>
	  <p>Manipulate the repository content in the UI (CVE-2023-3401 bypass)</p>
	  <p>External user can abuse policy bot to gain access to internal projects</p>
	  <p>Client-side DOS via Mermaid Flowchart</p>
	  <p>Developers can update pipeline schedules to use protected branches even if they don't have permission to merge</p>
	  <p>Users can install Composer packages from public projects even when Package registry is turned off</p>
	  <p>Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches</p>
	  <p>Guest users can react (emojis) on confidential work items which they cant see in a project</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-6033</cvename>
      <cvename>CVE-2023-6396</cvename>
      <cvename>CVE-2023-3949</cvename>
      <cvename>CVE-2023-5226</cvename>
      <cvename>CVE-2023-5995</cvename>
      <cvename>CVE-2023-4912</cvename>
      <cvename>CVE-2023-4317</cvename>
      <cvename>CVE-2023-3964</cvename>
      <cvename>CVE-2023-4658</cvename>
      <cvename>CVE-2023-3443</cvename>
      <url>https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/</url>
    </references>
    <dates>
      <discovery>2023-11-30</discovery>
      <entry>2023-12-01</entry>
    </dates>
  </vuln>

  <vuln vid="7e1a508f-7167-47b0-b9fc-95f541933a86">
    <topic>electron26 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron26</name>
	<range><lt>26.6.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v26.6.2">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-6345.</li>
	    <li>Security: backported fix for CVE-2023-6346.</li>
	    <li>Security: backported fix for CVE-2023-6347.</li>
	    <li>Security: backported fix for CVE-2023-6350.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-6345</cvename>
      <url>https://github.com/advisories/GHSA-xm5p-7w7v-qqr5</url>
      <cvename>CVE-2023-6346</cvename>
      <url>https://github.com/advisories/GHSA-w427-5x7p-xj8x</url>
      <cvename>CVE-2023-6347</cvename>
      <url>https://github.com/advisories/GHSA-6jj9-4hh8-6xpv</url>
      <cvename>CVE-2023-6350</cvename>
      <url>https://github.com/advisories/GHSA-wmh6-7xp9-5gh8</url>
    </references>
    <dates>
      <discovery>2023-11-30</discovery>
      <entry>2023-12-01</entry>
    </dates>
  </vuln>

  <vuln vid="302fc846-860f-482e-a8f6-ee9f254dfacf">
    <topic>electron25 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron25</name>
	<range><lt>25.9.7</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v25.9.7">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-6345.</li>
	    <li>Security: backported fix for CVE-2023-6346.</li>
	    <li>Security: backported fix for CVE-2023-6347.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-6345</cvename>
      <url>https://github.com/advisories/GHSA-xm5p-7w7v-qqr5</url>
      <cvename>CVE-2023-6346</cvename>
      <url>https://github.com/advisories/GHSA-w427-5x7p-xj8x</url>
      <cvename>CVE-2023-6347</cvename>
      <url>https://github.com/advisories/GHSA-6jj9-4hh8-6xpv</url>
    </references>
    <dates>
      <discovery>2023-12-01</discovery>
      <entry>2023-12-01</entry>
    </dates>
  </vuln>

  <vuln vid="8cdd38c7-8ebb-11ee-86bb-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>119.0.6045.199</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>119.0.6045.199</lt></range>
      </package>
      <package>
       <name>qt5-webengine</name>
       <range><lt>5.15.16.p5_2</lt></range>
      </package>
      <package>
       <name>qt6-webengine</name>
       <range><lt>6.6.1_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html">
	 <p>This update includes 7 security fixes:</p>
	 <ul>
	    <li>[1491459] High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10</li>
	    <li>[1494461] High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2023-10-21</li>
	    <li>[1500856] High CVE-2023-6346: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-09</li>
	    <li>[1501766] High CVE-2023-6350: Out of bounds memory access in libavif. Reported by Fudan University on 2023-11-13</li>
	    <li>[1501770] High CVE-2023-6351: Use after free in libavif. Reported by Fudan University on 2023-11-13</li>
	    <li>[1505053] High CVE-2023-6345: Integer overflow in Skia. Reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group on 2023-11-24</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-6348</cvename>
      <cvename>CVE-2023-6347</cvename>
      <cvename>CVE-2023-6346</cvename>
      <cvename>CVE-2023-6350</cvename>
      <cvename>CVE-2023-6351</cvename>
      <cvename>CVE-2023-6345</cvename>
      <url>https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html</url>
    </references>
    <dates>
      <discovery>2023-11-28</discovery>
      <entry>2023-11-29</entry>
    </dates>
  </vuln>

  <vuln vid="388e6557-8c80-11ee-9ee3-84a93843eb75">
    <topic>MariaDB -- Denial-of-Service vulnerability</topic>
    <affects>
      <package>
	<name>mariadb105-server</name>
	<range><lt>10.5.23</lt></range>
      </package>
      <package>
	<name>mariadb106-server</name>
	<range><lt>10.6.16</lt></range>
      </package>
      <package>
	<name>mariadb1011-server</name>
	<range><lt>10.11.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The MariaDB project reports:</p>
	<blockquote cite="https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/">
	  <p>Easily exploitable vulnerability allows high privileged attacker
	    with network access via multiple protocols to compromise MySQL
	    Server. Successful attacks of this vulnerability can result in
	    unauthorized ability to cause a hang or frequently repeatable crash
	    (complete DOS) of MySQL Server.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-22084</cvename>
      <url>https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/</url>
      <url>https://mariadb.com/kb/en/mariadb-10-6-16-release-notes/</url>
      <url>https://mariadb.com/kb/en/mariadb-10-5-23-release-notes/</url>
    </references>
    <dates>
      <discovery>2023-11-13</discovery>
      <entry>2023-11-26</entry>
    </dates>
  </vuln>

  <vuln vid="a62c0c50-8aa0-11ee-ac0d-00e0670f2660">
    <topic>strongSwan -- vulnerability in charon-tkm</topic>
    <affects>
      <package>
	<name>strongswan</name>
	<range><ge>5.3.0</ge><lt>5.9.11_3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>strongSwan reports:</p>
	<blockquote cite="https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html">
	  <p>A vulnerability in charon-tkm related to processing
	     DH public values was discovered in strongSwan
	     that can result in a buffer overflow and potentially
	     remote code execution. All versions since
	     5.3.0 are affected.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-41913</cvename>
      <url>https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html</url>
    </references>
    <dates>
      <discovery>2023-11-20</discovery>
      <entry>2023-11-24</entry>
    </dates>
  </vuln>

  <vuln vid="147353a3-c33b-46d1-b751-e72c0d7f29df">
    <topic>electron{25,26} -- use after free in Garbage Collection</topic>
    <affects>
      <package>
	<name>electron25</name>
	<range><lt>25.9.6</lt></range>
      </package>
      <package>
	<name>electron26</name>
	<range><lt>26.6.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v25.9.6">
	  <p>This update fixes the following vulnerability:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-5997.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-5997</cvename>
      <url>https://github.com/advisories/GHSA-fggx-frxq-cpx8</url>
    </references>
    <dates>
      <discovery>2023-11-22</discovery>
      <entry>2023-11-22</entry>
    </dates>
  </vuln>

  <vuln vid="0da4db89-84bf-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple security fixes</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>119.0.6045.159</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>119.0.6045.159</lt></range>
      </package>
      <package>
       <name>qt5-webengine</name>
       <range><lt>5.15.16.p5</lt></range>
      </package>
      <package>
       <name>qt6-webengine</name>
       <range><lt>6.6.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html">
	 <p>This update includes 4 security fixes:</p>
	 <ul>
	    <li>[1497997] High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31</li>
	    <li>[1499298] High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5997</cvename>
      <cvename>CVE-2023-6112</cvename>
      <url>https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html</url>
    </references>
    <dates>
      <discovery>2023-11-14</discovery>
      <entry>2023-11-16</entry>
    </dates>
  </vuln>

  <vuln vid="a30f1a12-117f-4dac-a1d0-d65eaf084953">
    <topic>electron{25,26} -- use after free in WebAudio</topic>
    <affects>
      <package>
	<name>electron25</name>
	<range><lt>25.9.5</lt></range>
      </package>
      <package>
	<name>electron26</name>
	<range><lt>26.6.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v25.9.5">
	  <p>This update fixes the following vulnerability:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-5996.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-5996</cvename>
      <url>https://github.com/advisories/GHSA-q3gq-rg4m-vgrp</url>
    </references>
    <dates>
      <discovery>2023-11-15</discovery>
      <entry>2023-11-16</entry>
    </dates>
  </vuln>

  <vuln vid="2fe004f5-83fd-11ee-9f5d-31909fb2f495">
    <topic>openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak</topic>
    <affects>
      <package>
	<name>openvpn</name>
	<range><ge>2.6.0</ge><lt>2.6.7_1</lt></range>
      </package>
      <package>
	<name>openvpn-devel</name>
	<range><lt>g20231109,1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenVPN community project team reports:</p>
	<blockquote cite="https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267">
		<p>CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore "--fragment" configuration in some circumstances, leading to a division by zero when "--fragment" is used. On platforms where division by zero is fatal, this will cause an OpenVPN crash.
		<br />
Reported by Niccolo Belli and WIPocket (Github #400, #417).
	</p>
	<p>CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer. All configurations using TLS (e.g. not using --secret) are affected by this issue. (found while tracking down CVE-2023-46849 / Github #400, #417)</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-46849</cvename>
      <cvename>CVE-2023-46850</cvename>
      <url>https://github.com/OpenVPN/openvpn/blob/v2.6.7/Changes.rst#overview-of-changes-in-267</url>
    </references>
    <dates>
      <discovery>2023-08-29</discovery>
      <entry>2023-11-15</entry>
      <modified>2023-12-31</modified>
    </dates>
  </vuln>

  <vuln vid="7cc003cb-83b9-11ee-957d-b42e991fc52e">
    <topic>typo3 -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>typo3-11</name>
	<name>typo3-12</name>
	<range><lt>11.5.33</lt></range>
	<range><lt>12.4.33</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019">
	<p>Weak Authentication in Session Handling in typo3/cms-core:
	In typo3 installations there are always
	at least two different sites.  Eg.  first.example.org and
	second.example.com.  In affected versions a session cookie
	generated for the first site can be reused on the second site
	without requiring additional authentication.  This
	vulnerability has been addressed in versions 8.7.55, 9.5.44,
	10.4.41, 11.5.33, and 12.4.8.  Users are advised to upgrade.
	There are no known workarounds for this vulnerability.</p>
	<p>Information Disclosure in Install Tool in typo3/cms-install:
	In affected versions the login screen of the standalone
	install tool discloses the full path of the transient data
	directory (e.g.  /var/www/html/var/transient/).  This applies
	to composer-based scenarios only - classic non-composer
	installations are not affected.  This issue has been addressed
	in version 12.4.8.  Users are advised to upgrade.  There are
	no known workarounds for this vulnerability.
	</p>
	<p>By-passing Cross-Site Scripting Protection in HTML Sanitizer:
	In affected versions DOM processing instructions are not
	handled correctly.  This allows bypassing the cross-site
	scripting mechanism of typo3/html-sanitizer.  This
	vulnerability has been addressed in versions 1.5.3 and 2.1.4.
	Users are advised to upgrade.  There are no known workarounds
	for this vulnerability.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-47125</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-47125</url>
      <cvename>CVE-2023-47126</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-47126</url>
      <cvename>CVE-2023-47127</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-47127</url>
    </references>
    <dates>
      <discovery>2023-11-14</discovery>
      <entry>2023-11-15</entry>
    </dates>
  </vuln>

  <vuln vid="31f45d06-7f0e-11ee-94b4-6cc21735f730">
    <topic>postgresql-server -- Memory disclosure in aggregate function calls</topic>
    <affects>
      <package>
	<name>postgresql-server</name>
	<range><lt>16.1</lt></range>
	<range><lt>15.5</lt></range>
	<range><lt>14.10</lt></range>
	<range><lt>13.13</lt></range>
	<range><lt>12.17</lt></range>
	<range><lt>11.22</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL Project reports:</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2023-5868/">
	  <p>
	    Certain aggregate function calls receiving "unknown"-type
	    arguments could disclose bytes of server memory from the end of
	    the "unknown"-type value to the next zero byte. One typically
	    gets an "unknown"-type value via a string literal having no type
	    designation. We have not confirmed or ruled out viability of
	    attacks that arrange for presence of notable, confidential
	    information in disclosed bytes.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-5868</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2023-5868/</url>
    </references>
    <dates>
      <discovery>2023-11-09</discovery>
      <entry>2023-11-09</entry>
    </dates>
  </vuln>

  <vuln vid="0f445859-7f0e-11ee-94b4-6cc21735f730">
    <topic>postgresql-server -- Buffer overrun from integer overflow in array modification</topic>
    <affects>
      <package>
	<name>postgresql-server</name>
	<range><lt>16.1</lt></range>
	<range><lt>15.5</lt></range>
	<range><lt>14.10</lt></range>
	<range><lt>13.13</lt></range>
	<range><lt>12.17</lt></range>
	<range><lt>11.22</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL Project reports:</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2023-5869/">
	  <p>
	    While modifying certain SQL array values, missing
	    overflow checks let authenticated database users write
	    arbitrary bytes to a memory area that facilitates
	    arbitrary code execution. Missing overflow checks also
	    let authenticated database users read a wide area of
	    server memory. The CVE-2021-32027 fix covered some
	    attacks of this description, but it missed others.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-5869</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2023-5869/</url>
    </references>
    <dates>
      <discovery>2023-11-09</discovery>
      <entry>2023-11-09</entry>
    </dates>
  </vuln>

  <vuln vid="bbb18fcb-7f0d-11ee-94b4-6cc21735f730">
    <topic>postgresql-server -- Role pg_cancel_backend can signal certain superuser processes</topic>
    <affects>
      <package>
	<name>postgresql-server</name>
	<range><lt>16.1</lt></range>
	<range><lt>15.5</lt></range>
	<range><lt>14.10</lt></range>
	<range><lt>13.13</lt></range>
	<range><lt>12.17</lt></range>
	<range><lt>11.22</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL Project reports:</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2023-5870/">
	  <p>
	    Documentation says the pg_cancel_backend role cannot
	    signal "a backend owned by a superuser". On the
	    contrary, it can signal background workers, including
	    the logical replication launcher. It can signal
	    autovacuum workers and the autovacuum launcher.
	    Signaling autovacuum workers and those two launchers
	    provides no meaningful exploit, so exploiting this
	    vulnerability requires a non-core extension with a
	    less-resilient background worker. For example, a
	    non-core background worker that does not auto-restart
	    would experience a denial of service with respect to
	    that particular background worker.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-5870</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2023-5870/</url>
    </references>
    <dates>
      <discovery>2023-11-09</discovery>
      <entry>2023-11-09</entry>
    </dates>
  </vuln>

  <vuln vid="5558dded-a870-4fbe-8b0a-ba198db47007">
    <topic>electron{25,26} -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron25</name>
	<range><lt>25.9.4</lt></range>
      </package>
      <package>
	<name>electron26</name>
	<range><lt>26.5.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v25.9.4">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-5849.</li>
	    <li>Security: backported fix for CVE-2023-5482.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5849</cvename>
      <url>https://github.com/advisories/GHSA-7cjp-92p9-vr97</url>
      <cvename>CVE-2023-5482</cvename>
      <url>https://github.com/advisories/GHSA-pq78-6h8h-rcf4</url>
    </references>
    <dates>
      <discovery>2023-11-08</discovery>
      <entry>2023-11-09</entry>
    </dates>
  </vuln>

  <vuln vid="4ade0c4d-7e83-11ee-9a8c-00155d01f201">
    <topic>libsndfile_project -- Integer overflow in dataend calculation</topic>
    <affects>
      <package>
	<name>libsndfile</name>
	<range><lt>1.2.2_1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="https://github.com/libsndfile/libsndfile/issues/789">
	  <p>Multiple signed integers overflow in function au_read_header in
	src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c
	in Libsndfile, allows an attacker to cause Denial of Service or
	other unspecified impacts.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2022-33065</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-33065</url>
    </references>
    <dates>
      <discovery>2023-07-18</discovery>
      <entry>2023-11-08</entry>
    </dates>
  </vuln>

  <vuln vid="77fc311d-7e62-11ee-8290-a8a1599412c6">
    <topic>chromium -- security update</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>119.0.6045.123</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>119.0.6045.123</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html">
	 <p>This update includes 1 security fix:</p>
	 <ul>
	    <li>[1497859] High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5996</cvename>
      <url>https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-11-07</discovery>
      <entry>2023-11-08</entry>
    </dates>
  </vuln>

  <vuln vid="a5956603-7e4f-11ee-9df6-84a93843eb75">
    <topic>OpenSSL -- DoS in DH generation</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>3.0.12_1,1</lt></range>
      </package>
      <package>
	<name>openssl111</name>
	<range><lt>1.1.1w_1</lt></range>
      </package>
      <package>
	<name>openssl31</name>
	<range><lt>3.1.4_1</lt></range>
      </package>
      <package>
	<name>openssl-quictls</name>
	<range><lt>3.0.12_1</lt></range>
      </package>
      <package>
	<name>openssl31-quictls</name>
	<range><lt>3.1.4_1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20231106.txt">
	  <p>Excessive time spent in DH check / generation with large Q
	    parameter value (low).
	    Generating excessively long X9.42 DH keys or checking
	    excessively long X9.42 DH keys or parameters may be very slow.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-5678</cvename>
      <url>https://www.openssl.org/news/secadv/20231106.txt</url>
    </references>
    <dates>
      <discovery>2023-11-08</discovery>
      <entry>2023-11-08</entry>
    </dates>
  </vuln>

  <vuln vid="f4464e49-7e04-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- Incorrect libcap_net limitation list manipulation</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.2</ge><lt>13.2_5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Casper services allow limiting operations that a process can
	perform.  Each service maintains a specific list of permitted
	operations.  Certain operations can be further restricted, such as
	specifying which domain names can be resolved.  During the verification
	of limits, the service must ensure that the new set of constraints
	is a subset of the previous one.  In the case of the cap_net service,
	the currently limited set of domain names was fetched incorrectly.</p>
	<h1>Impact:</h1>
	<p>In certain scenarios, if only a list of resolvable domain names
	was specified without setting any other limitations, the application
	could submit a new list of domains including include entries not
	previously in the list.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5978</cvename>
      <freebsdsa>SA-23:16.cap_net</freebsdsa>
    </references>
    <dates>
      <discovery>2023-11-08</discovery>
      <entry>2023-11-08</entry>
    </dates>
  </vuln>

  <vuln vid="5afcc9a4-7e04-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- libc stdio buffer overflow</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.2</ge><lt>13.2_5</lt></range>
	<range><ge>12.4</ge><lt>12.4_7</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>For line-buffered streams the __sflush() function did not
	correctly update the FILE object's write space member when the
	write(2) system call returns an error.</p>
	<h1>Impact:</h1>
	<p>Depending on the nature of an application that calls libc's
	stdio functions and the presence of errors returned from the write(2)
	system call (or an overridden stdio write routine) a heap buffer
	overfly may occur.  Such overflows may lead to data corruption or
	the execution of arbitrary code at the privilege level of the calling
	program.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5941</cvename>
      <freebsdsa>SA-23:15.stdio</freebsdsa>
    </references>
    <dates>
      <discovery>2023-11-08</discovery>
      <entry>2023-11-08</entry>
    </dates>
  </vuln>

  <vuln vid="a1a1f81c-7c13-11ee-bcf1-f8b156b6dcc8">
    <topic>vorbistools -- heap buffer overflow in oggenc</topic>
    <affects>
      <package>
	<name>vorbis-tools</name>
	<range><lt>1.4.2_4,3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Frank-Z7 reports:</p>
	<blockquote cite="https://github.com/xiph/vorbis-tools/issues/41">
	  <p>Heap buffer overflow when vorbis-tools/oggenc converts
	    WAV files to Ogg files.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-43361</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-43361</url>
    </references>
    <dates>
      <discovery>2023-09-16</discovery>
      <entry>2023-11-05</entry>
    </dates>
  </vuln>

  <vuln vid="fe7ac70a-792b-11ee-bf9a-a04a5edf46d9">
    <topic>PptiPNG -- Global-buffer-overflow</topic>
    <affects>
      <package>
	<name>optipng</name>
	<range><lt>0.7.7_1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Frank-Z7 reports:</p>
	<blockquote cite="https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md">
	  <p>Running optipng with the "-zm 3 -zc 1 -zw 256 -snip -out"
	    configuration options enabled raises a global-buffer-overflow bug,
	    which could allow a remote attacker to conduct a denial-of-service
	    attack or other unspecified effect on a crafted file.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-43907</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-43907</url>
    </references>
    <dates>
      <discovery>2023-09-30</discovery>
      <entry>2023-11-02</entry>
    </dates>
  </vuln>

  <vuln vid="a1e27775-7a61-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>119.0.6045.105</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>119.0.6045.105</lt></range>
      </package>
      <package>
       <name>qt6-webengine</name>
       <range><lt>6.6.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html">
	 <p>This update includes 15 security fixes:</p>
	 <ul>
	    <li>[1492698] High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14</li>
	    <li>[1492381] High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13</li>
	    <li>[1492384] High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13</li>
	    <li>[1281972] Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22</li>
	    <li>[1473957] Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18</li>
	    <li>[1480852] Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10</li>
	    <li>[1456876] Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22</li>
	    <li>[1488267] Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs &amp; DNSLab, Korea Univ on 2023-10-01</li>
	    <li>[1492396] Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13</li>
	    <li>[1493380] Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17</li>
	    <li>[1493435] Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18</li>
	    <li>[1457704] Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24</li>
	    <li>[1482045] Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5480</cvename>
      <cvename>CVE-2023-5482</cvename>
      <cvename>CVE-2023-5849</cvename>
      <cvename>CVE-2023-5850</cvename>
      <cvename>CVE-2023-5851</cvename>
      <cvename>CVE-2023-5852</cvename>
      <cvename>CVE-2023-5853</cvename>
      <cvename>CVE-2023-5854</cvename>
      <cvename>CVE-2023-5855</cvename>
      <cvename>CVE-2023-5856</cvename>
      <cvename>CVE-2023-5857</cvename>
      <cvename>CVE-2023-5858</cvename>
      <cvename>CVE-2023-5859</cvename>
      <url>https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html</url>
    </references>
    <dates>
      <discovery>2023-10-31</discovery>
      <entry>2023-11-03</entry>
    </dates>
  </vuln>

  <vuln vid="4f370c80-79ce-11ee-be8e-589cfc0f81b0">
    <topic>phpmyfaq -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpmyfaq-php80</name>
	<name>phpmyfaq-php81</name>
	<name>phpmyfaq-php82</name>
	<name>phpmyfaq-php83</name>
	<range><lt>3.2.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2023-10-27">
	  <p>XSS</p>
	  <p>Insufficient session expiration</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-5863</cvename>
      <cvename>CVE-2023-5865</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-5863</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-5865</url>
      <url>https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f/</url>
      <url>https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff/</url>
    </references>
    <dates>
      <discovery>2023-10-31</discovery>
      <entry>2023-11-02</entry>
    </dates>
  </vuln>

  <vuln vid="d2505ec7-78ea-11ee-9131-6f01853956d5">
    <topic>open-vm-tools -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>open-vm-tools</name>
	<range><lt>12.3.5</lt></range>
      </package>
      <package>
	<name>open-vm-tools-nox11</name>
	<range><lt>12.3.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>VMware reports:</p>
	<blockquote cite="https://www.vmware.com/security/advisories/VMSA-2023-0024.html">
	  <p>This update includes 2 security fixes:</p>
	  <ul>
	     <li>High CVE-2023-34058: SAML token signature bypass vulnerability</li>
	     <li>High CVE-2023-34059: File descriptor hijack vulnerability in the vmware-user-suid-wrapper</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-34058</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-34058</url>
      <cvename>CVE-2023-34059</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-34059</url>
    </references>
    <dates>
      <discovery>2023-10-26</discovery>
      <entry>2023-11-01</entry>
    </dates>
  </vuln>

  <vuln vid="a612c25f-788a-11ee-8d57-001b217b3468">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>16.5.0</ge><lt>16.5.1</lt></range>
	<range><ge>16.4.0</ge><lt>16.4.2</lt></range>
	<range><ge>11.6.0</ge><lt>16.3.6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/10/31/security-release-gitlab-16-5-1-16-4-2-16-3-6-released/">
	  <p>Disclosure of CI/CD variables using Custom project templates</p>
	  <p>GitLab omnibus DoS crash via OOM with CI Catalogs</p>
	  <p>Parsing gitlab-ci.yml with large string via timeout input leads to Denial of Service</p>
	  <p>DoS - Blocking FIFO files in Tar archives</p>
	  <p>Titles exposed by service-desk template</p>
	  <p>Approval on protected environments can be bypassed</p>
	  <p>Version information disclosure when super_sidebar_logged_out feature flag is enabled</p>
	  <p>Add abuse detection for search syntax filter pipes</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-3399</cvename>
      <cvename>CVE-2023-5825</cvename>
      <cvename>CVE-2023-3909</cvename>
      <cvename>CVE-2023-3246</cvename>
      <cvename>CVE-2023-5600</cvename>
      <cvename>CVE-2023-4700</cvename>
      <cvename>CVE-2023-5831</cvename>
      <url>https://about.gitlab.com/releases/2023/10/31/security-release-gitlab-16-5-1-16-4-2-16-3-6-released/</url>
    </references>
    <dates>
      <discovery>2023-10-31</discovery>
      <entry>2023-11-01</entry>
    </dates>
  </vuln>

  <vuln vid="386a14bb-1a21-41c6-a2cf-08d79213379b">
    <topic>zeek -- potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>6.0.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v6.0.2">
	  <p> A specially-crafted SSL packet could cause Zeek to
	  leak memory and potentially crash. </p>
	  <p> A specially-crafted series of FTP packets could cause
	  Zeek to log entries for requests that have already been
	  completed, using resources unnecessarily and potentially
	  causing Zeek to lose other traffic. </p>
	  <p> A specially-crafted series of SSL packets could cause
	  Zeek to output a very large number of unnecessary alerts
	  for the same record. </p>
	  <p> A specially-crafted series of SSL packets could cause
	  Zeek to generate very long ssl_history fields in the
	  ssl.log, potentially using a large amount of memory due
	  to unbounded state growth </p>
	  <p> A specially-crafted IEEE802.11 packet could cause
	  Zeek to overflow memory and potentially crash </p>
	</blockquote>
	</body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v6.0.2</url>
    </references>
    <dates>
      <discovery>2023-10-27</discovery>
      <entry>2023-10-27</entry>
    </dates>
  </vuln>

  <vuln vid="db33e250-74f7-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>118.0.5993.117</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>118.0.5993.117</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html">
	 <p>This update includes 2 security fixes:</p>
	 <ul>
	    <li>[1491296] High CVE-2023-5472: Use after free in Profiles. Reported by @18楼梦想改造家 on 2023-10-10</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5472</cvename>
      <url>https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html</url>
    </references>
    <dates>
      <discovery>2023-10-24</discovery>
      <entry>2023-10-27</entry>
    </dates>
  </vuln>

  <vuln vid="9e2fdfc7-e237-4393-9fa5-2d50908c66b3">
    <topic>xorg-server -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<name>xephyr</name>
	<name>xorg-vfbserver</name>
	<range><lt>21.1.9,1</lt></range>
      </package>
      <package>
	<name>xorg-nestserver</name>
	<range><lt>21.1.9,2</lt></range>
      </package>
      <package>
	<name>xwayland</name>
	<range><lt>23.2.2,1</lt></range>
      </package>
      <package>
	<name>xwayland-devel</name>
	<range><lt>21.0.99.1.542</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.Org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2023-October/003430.html">
	  <ul>
	    <li>ZDI-CAN-22153/CVE-2023-5367: X.Org server: OOB write
	    in XIChangeDeviceProperty/RRChangeOutputProperty

	    <p>When prepending values to an existing property an
	    invalid offset calculation causes the existing values to
	    be appended at the wrong offset. The resulting memcpy()
	    would write into memory outside the heap-allocated
	    array.</p></li>

	    <li>ZDI-CAN-21608/CVE-2023-5380: Use-after-free bug in
	    DestroyWindow

	    <p>This vulnerability requires a legacy multi-screen setup
	    with multiple protocol screens ("Zaphod"). If the pointer
	    is warped from one screen to the root window of the other
	    screen, the enter/leave code may retain a reference to the
	    previous pointer window. Destroying this window leaves
	    that reference in place, other windows may then trigger a
	    use-after-free bug when they are destroyed. </p></li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.x.org/archives/xorg-announce/2023-October/003430.html</url>
      <cvename>CVE-2023-5367</cvename>
      <cvename>CVE-2023-5380</cvename>
    </references>
    <dates>
      <discovery>2023-10-25</discovery>
      <entry>2023-10-25</entry>
    </dates>
  </vuln>

  <vuln vid="a8fb8e3a-730d-11ee-ab61-b42e991fc52e">
    <topic>squid -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>squid</name>
	<range><lt>6.4</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The squid-cache project reports:</p>
	<blockquote cite="https://github.com/squid-cache/squid/security/advisories?page=1">
	  <ul>
	    <li>Denial of Service in FTP</li>
	    <li>Request/Response smuggling in HTTP/1.1 and ICAP</li>
	    <li>Denial of Service in HTTP Digest Authentication</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <url>https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w</url>
      <url>https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh</url>
      <url>https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g</url>
    </references>
    <dates>
      <discovery>2023-10-21</discovery>
      <entry>2023-10-25</entry>
    </dates>
  </vuln>

  <vuln vid="4a4712ae-7299-11ee-85eb-84a93843eb75">
    <topic>OpenSSL -- potential loss of confidentiality</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>3.0.12,1</lt></range>
      </package>
      <package>
	<name>openssl31</name>
	<range><lt>3.1.4</lt></range>
      </package>
      <package>
	<name>openssl-quictls</name>
	<range><lt>3.0.12</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20231024.txt">
	  <p>Moderate severity: A bug has been identified in the processing
	    of key and initialisation vector (IV) lengths. This can lead to
	    potential truncation or overruns during the initialisation of
	    some symmetric ciphers.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-5363</cvename>
      <url>https://www.openssl.org/news/secadv/20231024.txt</url>
    </references>
    <dates>
      <discovery>2023-10-24</discovery>
      <entry>2023-10-24</entry>
    </dates>
  </vuln>

  <vuln vid="22df5074-71cd-11ee-85eb-84a93843eb75">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql57-server</name>
	<range><lt>5.7.44</lt></range>
      </package>
      <package>
	<name>mysql-connector-c++</name>
	<range><lt>8.0.35</lt></range>
      </package>
      <package>
	<name>mysql-connector-j</name>
	<range><lt>8.1.1</lt></range>
      </package>
      <package>
	<name>mysql-connector-odbc</name>
	<range><lt>8.1.1</lt></range>
      </package>
      <package>
	<name>mysql80-server</name>
	<range><lt>8.0.35</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixMSQL">
	  <p>This Critical Patch Update contains 37 new security patches, plus
	    additional third party patches noted below, for Oracle MySQL. 9 of
	    these vulnerabilities may be remotely exploitable without
	    authentication, i.e., may be exploited over a network without
	    requiring user credentials.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2022-42898</cvename>
      <cvename>CVE-2023-2650</cvename>
      <cvename>CVE-2023-3817</cvename>
      <cvename>CVE-2023-22015</cvename>
      <cvename>CVE-2023-22026</cvename>
      <cvename>CVE-2023-22028</cvename>
      <cvename>CVE-2023-22032</cvename>
      <cvename>CVE-2023-22059</cvename>
      <cvename>CVE-2023-22064</cvename>
      <cvename>CVE-2023-22065</cvename>
      <cvename>CVE-2023-22066</cvename>
      <cvename>CVE-2023-22068</cvename>
      <cvename>CVE-2023-22070</cvename>
      <cvename>CVE-2023-22078</cvename>
      <cvename>CVE-2023-22079</cvename>
      <cvename>CVE-2023-22084</cvename>
      <cvename>CVE-2023-22092</cvename>
      <cvename>CVE-2023-22094</cvename>
      <cvename>CVE-2023-22095</cvename>
      <cvename>CVE-2023-22097</cvename>
      <cvename>CVE-2023-22102</cvename>
      <cvename>CVE-2023-22103</cvename>
      <cvename>CVE-2023-22104</cvename>
      <cvename>CVE-2023-22110</cvename>
      <cvename>CVE-2023-22111</cvename>
      <cvename>CVE-2023-22112</cvename>
      <cvename>CVE-2023-22113</cvename>
      <cvename>CVE-2023-22114</cvename>
      <cvename>CVE-2023-22115</cvename>
      <cvename>CVE-2023-38545</cvename>
      <url>https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixMSQL</url>
    </references>
    <dates>
      <discovery>2023-10-17</discovery>
      <entry>2023-10-23</entry>
    </dates>
  </vuln>

  <vuln vid="e14b9870-62a4-11ee-897b-000bab9f87f1">
    <topic>Request Tracker -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>rt44</name>
	<range><lt>4.4.6</lt></range>
      </package>
      <package>
	<name>rt50</name>
	<range><lt>5.0.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Request Tracker reports:</p>
	<p>CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface.</p>
	<p>CVE-2023-41260 SECURITY: RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.</p>
	<p>CVE-2023-45024 SECURITY: RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-41259</cvename>
      <cvename>CVE-2023-41260</cvename>
      <cvename>CVE-2023-45024</cvename>
      <url>https://bestpractical.com/request-tracker/</url>
    </references>
    <dates>
      <discovery>2023-10-18</discovery>
      <entry>2023-10-18</entry>
    </dates>
  </vuln>

  <vuln vid="9000591b-483b-45ac-9c87-b3df3a4198ec">
    <topic>electron{25,26} -- Use after free in Site Isolation</topic>
    <affects>
      <package>
	<name>electron25</name>
	<range><lt>25.9.2</lt></range>
      </package>
      <package>
	<name>electron26</name>
	<range><lt>26.4.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v25.9.2">
	  <p>This update fixes the following vulnerability:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-5218.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-5218</cvename>
      <url>https://github.com/advisories/GHSA-cvp3-7vpw-ffh6</url>
    </references>
    <dates>
      <discovery>2023-10-18</discovery>
      <entry>2023-10-19</entry>
    </dates>
  </vuln>

  <vuln vid="f923205f-6e66-11ee-85eb-84a93843eb75">
    <topic>Apache httpd -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.58</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache httpd project reports:</p>
	<blockquote cite="https://dlcdn.apache.org/httpd/CHANGES_2.4.58">
	  <ul>
	    <li>CVE-2023-45802: Apache HTTP Server: HTTP/2 stream
	      memory not reclaimed right away on RST</li>
	    <li>CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with
	      initial windows size 0</li>
	    <li>CVE-2023-31122: mod_macro buffer over-read</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-45802</cvename>
      <cvename>CVE-2023-43622</cvename>
      <cvename>CVE-2023-31122</cvename>
      <url>https://dlcdn.apache.org/httpd/CHANGES_2.4.58</url>
    </references>
    <dates>
      <discovery>2023-10-19</discovery>
      <entry>2023-10-19</entry>
    </dates>
  </vuln>

  <vuln vid="f8c2f741-6be1-11ee-b33a-a04a5edf46d9">
    <topic>moonlight-embedded -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>moonlight-embedded</name>
	<range><lt>2.6.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The moonlight-embedded project reports:</p>
	<blockquote cite="https://github.com/moonlight-stream/moonlight-embedded/releases/tag/v2.6.1">
	  <p>Moonlight Embedded v2.6.1 fixed CVE-2023-42799, CVE-2023-42800,
	    and CVE-2023-42801.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2022-42799</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-42799</url>
      <cvename>CVE-2022-42800</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-42800</url>
      <cvename>CVE-2022-42801</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-42801</url>
    </references>
    <dates>
      <discovery>2022-01-11</discovery>
      <entry>2023-10-16</entry>
    </dates>
  </vuln>

  <vuln vid="1ee26d45-6ddb-11ee-9898-00e081b7aa2d">
    <topic>jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.428</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.414.3</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2023-10-18/">
	  <h1>Description</h1>
	  <h5>(High) SECURITY-3291 / CVE-2023-36478, CVE-2023-44487</h5>
	  <p>HTTP/2 denial of service vulnerability in bundled Jetty</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-36478</cvename>
      <cvename>CVE-2023-44487</cvename>
      <url>https://www.jenkins.io/security/advisory/2023-10-18/</url>
    </references>
    <dates>
      <discovery>2023-10-18</discovery>
      <entry>2023-10-18</entry>
    </dates>
  </vuln>

  <vuln vid="d2ad7647-6dd9-11ee-85eb-84a93843eb75">
    <topic>Roundcube -- XSS vulnerability in SVG</topic>
    <affects>
      <package>
	<name>roundcube</name>
	<range><lt>1.6.4,1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Roundcube project reports:</p>
	<blockquote cite="https://roundcube.net/news/2023/10/16/security-update-1.6.4-released">
	  <p>cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages</p>
	</blockquote>
	</body>
    </description>
    <references>
      <url>https://roundcube.net/news/2023/10/16/security-update-1.6.4-released</url>
    </references>
    <dates>
      <discovery>2023-10-16</discovery>
      <entry>2023-10-18</entry>
    </dates>
  </vuln>

  <vuln vid="8706e097-6db7-11ee-8744-080027f5fec9">
    <topic>redis -- Possible bypassing Unix socket permissions</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.2.2</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.2.2.20231018</lt></range>
      </package>
      <package>
	<name>redis70</name>
	<range><lt>7.0.14</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><lt>6.2.14</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redis core team  reports:</p>
	<blockquote cite="https://groups.google.com/g/redis-db/c/r81pHa-dcI8">
	  <p>
	    The wrong order of listen(2) and chmod(2) calls creates a
	    race condition that can be used by another process to
	    bypass desired Unix socket permissions on startup.
	  </p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-45145</cvename>
      <url>https://groups.google.com/g/redis-db/c/r81pHa-dcI8</url>
    </references>
    <dates>
      <discovery>2023-10-18</discovery>
      <entry>2023-10-18</entry>
    </dates>
  </vuln>

  <vuln vid="ae0ee356-6ae1-11ee-bfb6-8c164567ca3c">
    <topic>libcue -- out-of-bounds array access</topic>
    <affects>
      <package>
	<name>libcue</name>
	<range><lt>2.3.0</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The libcue team reports:</p>
	<blockquote cite="https://github.com/lipnitsk/libcue/releases/tag/v2.3.0">
	  <p>There is a vulnerability to out-of-bounds array access.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-43641</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-43641</url>
    </references>
    <dates>
      <discovery>2023-10-09</discovery>
      <entry>2023-10-14</entry>
    </dates>
  </vuln>

  <vuln vid="7a1b2624-6a89-11ee-af06-5404a68ad561">
    <topic>traefik -- Resource exhaustion by malicious HTTP/2 client</topic>
    <affects>
      <package>
	<name>traefik</name>
	<range><lt>2.10.5</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The traefik authors report:</p>
	<blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-7v4p-328v-8v5g">
	  <p>There is a vulnerability in GO managing HTTP/2 requests, which
	     impacts Traefik. This vulnerability could be exploited to cause
	     a denial of service.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-39325</cvename>
      <cvename>CVE-2023-44487</cvename>
      <url>https://github.com/traefik/traefik/security/advisories/GHSA-7v4p-328v-8v5g</url>
    </references>
    <dates>
      <discovery>2023-10-10</discovery>
      <entry>2023-10-14</entry>
    </dates>
  </vuln>

  <vuln vid="199cdb4d-690d-11ee-9ed0-001fc69cd6dc">
    <topic>x11/libXpm multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>libXpm</name>
	<range><lt>3.5.17</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.Org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg/2023-October/061506.html">
	  <dl>
	    <dt>CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer</dt>
	    <dd>An out-of-bounds read is located in ParseComment() when reading from
	    a memory buffer instead of a file, as it continued to look for the
	    closing comment marker past the end of the buffer.</dd>
	    <dt>CVE-2023-43789: Out of bounds read on XPM with corrupted colormap</dt>
	    <dd>A corrupted colormap section may cause libXpm to read out of bounds.</dd>
	  </dl>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-43788</cvename>
      <cvename>CVE-2023-43789</cvename>
      <url>https://lists.x.org/archives/xorg/2023-October/061506.html</url>
    </references>
    <dates>
      <discovery>2023-09-22</discovery>
      <entry>2023-10-12</entry>
    </dates>
  </vuln>

  <vuln vid="bd92f1ab-690c-11ee-9ed0-001fc69cd6dc">
    <topic>11/libX11 multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>libX11</name>
	<range><lt>1.8.7</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.Org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg/2023-October/061506.html">
	  <dl>
	    <dt>CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms()</dt>
	    <dd>When libX11 is processing the reply from the X server to the XkbGetMap
	    request, if it detected the number of symbols in the new map was less
	    than the size of the buffer it had allocated, it always added room for
	    128 more symbols, instead of the actual size needed. While the
	    _XkbReadBufferCopyKeySyms() helper function returned an error if asked
	    to copy more keysyms into the buffer than there was space allocated for,
	    the caller never checked for an error and assumed the full set of keysyms
	    was copied into the buffer and could then try to read out of bounds when
	    accessing the buffer.  libX11 1.8.7 has been patched to both fix the size
	    allocated and check for error returns from _XkbReadBufferCopyKeySyms().</dd>
	    <dt>CVE-2023-43786: stack exhaustion in XPutImage</dt>
	    <dd>When splitting a single line of pixels into chunks that fit in a single
	    request (not using the BIG-REQUESTS extension) to send to the X server,
	    the code did not take into account the number of bits per pixel, so would
	    just loop forever finding it needed to send more pixels than fit in the
	    given request size and not breaking them down into a small enough chunk to
	    fit.  An XPM file was provided that triggered this bug when loaded via
	    libXpm's XpmReadFileToPixmap() function, which in turn calls XPutImage()
	    and hit this bug.</dd>
	    <dt>CVE-2023-43787: integer overflow in XCreateImage() leading to a heap overflow</dt>
	    <dd>When creating an image, there was no validation that the multiplication
	    of the caller-provided width by the visual's bits_per_pixel did not
	    overflow and thus result in the allocation of a buffer too small to hold
	    the data that would be copied into it.  An XPM file was provided that
	    triggered this bug when loaded via libXpm's XpmReadFileToPixmap() function,
	    which in turn calls XCreateImage() and hit this bug.i</dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-43785</cvename>
      <cvename>CVE-2023-43786</cvename>
      <cvename>CVE-2023-43787</cvename>
      <url>https://lists.x.org/archives/xorg/2023-October/061506.html</url>
    </references>
    <dates>
      <discovery>2023-09-22</discovery>
      <entry>2023-10-12</entry>
    </dates>
  </vuln>

  <vuln vid="07ee8c14-68f1-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>118.0.5993.70</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>118.0.5993.70</lt></range>
      </package>
      <package>
       <name>qt6-webengine</name>
       <range><lt>6.6.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html">
	 <p>This update includes 20 security fixes:</p>
	 <ul>
	    <li>[1487110] Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家 on 2023-09-27</li>
	    <li>[1062251] Medium CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous on 2020-03-17</li>
	    <li>[1414936] Medium CVE-2023-5484: Inappropriate implementation in Navigation. Reported by Thomas Orlita on 2023-02-11</li>
	    <li>[1476952] Medium CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong on 2023-08-30</li>
	    <li>[1425355] Medium CVE-2023-5483: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-03-17</li>
	    <li>[1458934] Medium CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip on 2023-06-28</li>
	    <li>[1474253] Medium CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun on 2023-08-20</li>
	    <li>[1483194] Medium CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car] on 2023-09-15</li>
	    <li>[1471253] Medium CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong on 2023-08-09</li>
	    <li>[1395164] Low CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2022-12-02</li>
	    <li>[1472404] Low CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-08-12</li>
	    <li>[1472558] Low CVE-2023-5477: Inappropriate implementation in Installer. Reported by Bahaa Naamneh of Crosspoint Labs on 2023-08-13</li>
	    <li>[1357442] Low CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh on 2022-08-29</li>
	    <li>[1484000] Low CVE-2023-5473: Use after free in Cast. Reported by DarkNavy on 2023-09-18</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5218</cvename>
      <cvename>CVE-2023-5487</cvename>
      <cvename>CVE-2023-5484</cvename>
      <cvename>CVE-2023-5475</cvename>
      <cvename>CVE-2023-5483</cvename>
      <cvename>CVE-2023-5481</cvename>
      <cvename>CVE-2023-5476</cvename>
      <cvename>CVE-2023-5474</cvename>
      <cvename>CVE-2023-5479</cvename>
      <cvename>CVE-2023-5485</cvename>
      <cvename>CVE-2023-5478</cvename>
      <cvename>CVE-2023-5477</cvename>
      <cvename>CVE-2023-5486</cvename>
      <cvename>CVE-2023-5473</cvename>
      <url>https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html</url>
    </references>
    <dates>
      <discovery>2023-10-10</discovery>
      <entry>2023-10-11</entry>
    </dates>
  </vuln>

  <vuln vid="4281b712-ad6b-4c21-8f66-619a9150691f">
    <topic>electron25 -- Use after free in extensions vulnerability</topic>
    <affects>
      <package>
	<name>electron25</name>
	<range><lt>25.9.1</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v25.9.1">
	  <p>This update fixes the following vulnerability:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-5187.</li>
	  </ul>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-5187</cvename>
      <url>https://github.com/advisories/GHSA-hg3r-958g-g8vq</url>
    </references>
    <dates>
      <discovery>2023-10-11</discovery>
      <entry>2023-10-12</entry>
    </dates>
  </vuln>

  <vuln vid="d6c19e8c-6806-11ee-9464-b42e991fc52e">
    <topic>curl -- SOCKS5 heap buffer overflow</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><gt>7.69.0</gt><lt>8.4.0</lt></range>
      </package>
      <package>
	<name>cmake-core</name>
	<range><lt>3.27.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The curl team reports:</p>
	<blockquote cite="https://curl.se/docs/CVE-2023-38545.html">
	<p>This flaw makes curl overflow a heap based buffer in the
	  SOCKS5 proxy handshake. When curl is asked to pass along
	  the hostname to the SOCKS5 proxy to allow that to resolve
	  the address instead of it getting done by curl itself, the
	  maximum length that hostname can be is 255 bytes. If the
	  hostname is detected to be longer than 255 bytes, curl
	  switches to local name resolving and instead passes on the
	  resolved address only to the proxy. Due to a bug, the
	  local variable that means "let the host resolve the name"
	  could get the wrong value during a slow SOCKS5 handshake,
	  and contrary to the intention, copy the too long hostname
	  to the target buffer instead of copying just the resolved
	  address there.
	</p>
	</blockquote>
    </body>
    </description>
    <references>
      <cvename>CVE-2023-38545</cvename>
      <url>https://curl.se/docs/CVE-2023-38545.html</url>
    </references>
    <dates>
      <discovery>2023-09-30</discovery>
      <entry>2023-10-11</entry>
      <modified>2023-10-11</modified>
    </dates>
  </vuln>

  <vuln vid="bf545001-b96d-42e4-9d2e-60fdee204a43">
	  <topic>h2o -- HTTP/2 Rapid Reset attack vulnerability</topic>
    <affects>
      <package>
    <name>h2o</name>
    <range><le>2.2.6</le></range>
      </package>
      <package>
    <name>h2o-devel</name>
    <range><lt>2.3.0.d.20231010</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	  <p>Kazuo Okuhu reports:</p>
    <blockquote cite="https://github.com/h2o/h2o/issues/3291">
		<p>
		H2O is vulnerable to the HTTP/2 Rapid Reset attack.
		An attacker might be able to consume more than adequate amount of
		processing power of h2o and the backend servers by mounting the
		attack.
    </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-44487</cvename>
      <url>https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf</url>
    </references>
    <dates>
      <discovery>2023-10-10</discovery>
      <entry>2023-10-10</entry>
    </dates>
  </vuln>

  <vuln vid="4f254817-6318-11ee-b2ff-080027de9982">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<name>py311-django32</name>
	<range><lt>3.2.22</lt></range>
      </package>
      <package>
	<name>py39-django41</name>
	<name>py310-django41</name>
	<name>py311-django41</name>
	<range><lt>4.1.12</lt></range>
      </package>
      <package>
	<name>py39-django42</name>
	<name>py310-django42</name>
	<name>py311-django42</name>
	<range><lt>4.2.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Django reports:</p>
       <blockquote cite="https://www.djangoproject.com/weblog/2023/oct/04/security-releases/">
	<p>CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator.</p>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-43665</cvename>
      <url>https://www.djangoproject.com/weblog/2023/oct/04/security-releases/</url>
    </references>
    <dates>
      <discovery>2023-10-01</discovery>
      <entry>2023-10-05</entry>
    </dates>
  </vuln>

  <vuln vid="915855ad-283d-4597-b01e-e0bf611db78b">
    <topic>libspf2 -- Integer Underflow Remote Code Execution</topic>
    <affects>
      <package>
	<name>libspf2</name>
	<range><le>1.2.11</le></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>Trendmicro ZDI reports:</p>
	<blockquote cite="https://www.zerodayinitiative.com/advisories/ZDI-23-1472/">
	<p>Integer Underflow Remote Code Execution Vulnerability</p>
	<p>The specific flaw exists within the parsing of SPF macros.
	When parsing SPF macros, the process does not properly
	validate user-supplied data, which can result in an integer
	underflow before writing to memory. An attacker can leverage
	this vulnerability to execute code in the context of the
	service account.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-42118</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42118</url>
    </references>
    <dates>
      <discovery>2022-06-06</discovery>
      <entry>2023-10-04</entry>
    </dates>
  </vuln>

  <vuln vid="4e45c45b-629e-11ee-8290-a8a1599412c6">
    <topic>chromium -- type confusion in v8</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>117.0.5938.149</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>117.0.5938.149</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html">
	 <p>This update includes 1 security fix:</p>
	 <ul>
	    <li>[1485829] High CVE-2023-5346: Type Confusion in V8. Reported by Amit Kumar on 2023-09-22</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5346</cvename>
      <url>https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-10-03</discovery>
      <entry>2023-10-04</entry>
    </dates>
  </vuln>

  <vuln vid="162a675b-6251-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- arm64 boot CPUs may lack speculative execution protections</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.2</ge><lt>13.2_4</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>On CPU 0 the check for the SMCCC workaround is called before
	SMCCC support has been initialized.</p>
	<h1>Impact:</h1>
	<p>No speculative execution workarounds are installed on CPU 0.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5370</cvename>
      <freebsdsa>SA-23:14.smccc</freebsdsa>
    </references>
    <dates>
      <discovery>2023-10-03</discovery>
      <entry>2023-10-04</entry>
    </dates>
  </vuln>

  <vuln vid="e261e71c-6250-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- copy_file_range insufficient capability rights check</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.2</ge><lt>13.2_4</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The syscall checked only for the CAP_READ and CAP_WRITE
	capabilities on the input and output file descriptors, respectively.
	Using an offset is logically equivalent to seeking, and the syscall
	must additionally require the CAP_SEEK capability.</p>
	<h1>Impact:</h1>
	<p>A sandboxed process with only read or write but no seek capability
	on a file descriptor may be able to read data from or write data
	to an arbitrary location within the file corresponding to that file
	descriptor.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5369</cvename>
      <freebsdsa>SA-23:13.capsicum</freebsdsa>
    </references>
    <dates>
      <discovery>2023-10-03</discovery>
      <entry>2023-10-04</entry>
    </dates>
  </vuln>

  <vuln vid="fefcd340-624f-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- msdosfs data disclosure</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.2</ge><lt>13.2_4</lt></range>
	<range><ge>12.4</ge><lt>12.4_6</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>In certain cases using the truncate or ftruncate system call
	to extend a file size populates the additional space in the file
	with unallocated data from the underlying disk device, rather than
	zero bytes.</p>
	<h1>Impact:</h1>
	<p>A user with write access to files on a msdosfs file system may
	be able to read unintended data (for example, from a previously
	deleted file).</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5368</cvename>
      <freebsdsa>SA-23:12.msdosfs</freebsdsa>
    </references>
    <dates>
      <discovery>2023-10-03</discovery>
      <entry>2023-10-04</entry>
    </dates>
  </vuln>

  <vuln vid="e59fed96-60da-11ee-9102-000c29de725b">
    <topic>mediawiki -- multiple vulnerabilities</topic>
    <affects>
	<package>
	<name>mediawiki135</name>
	<range><lt>1.35.13</lt></range>
      </package>
      <package>
	<name>mediawiki139</name>
	<range><lt>1.39.5</lt></range>
      </package>
      <package>
	<name>mediawiki140</name>
	<range><lt>1.40.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mediawikwi reports:</p>
	<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/BRWOWACCHMYRIS7JRTT6XD44X3362MVL/">
	  <p>(T264765, CVE-2023-PENDING) SECURITY: Users without correct permission
	    are incorrectly shown MediaWiki:Missing-revision-permission.</p>
	  <p>(T333050, CVE-2023-PENDING) SECURITY: Fix infinite loop for
	    self-redirects with variants conversion.</p>
	  <p>(T340217, CVE-2023-PENDING) SECURITY: Vector 2022: Numerous unescaped
	    messages leading to potential XSS.</p>
	  <p>(T340220, CVE-2023-PENDING) SECURITY: Vector 2022: vector-intro-page
	    message is assumed to yield a valid title.</p>
	  <p>(T340221, CVE-2023-PENDING) SECURITY: XSS via
	    'youhavenewmessagesmanyusers' and 'youhavenewmessages' messages.</p>
	  <p>(T341529, CVE-2023-PENDING) SECURITY: diff-multi-sameuser ("X
	    intermediate revisions by the same user not shown") ignores username
	    suppression.</p>
	  <p>(T341565, CVE-2023-3550) SECURITY: Stored XSS when uploading crafted XML
	    file to Special:Upload (non-standard configuration).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3550</cvename>
      <url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/BRWOWACCHMYRIS7JRTT6XD44X3362MVL/</url>
    </references>
    <dates>
      <discovery>2023-09-01</discovery>
      <entry>2023-10-02</entry>
    </dates>
  </vuln>

  <vuln vid="33922b84-5f09-11ee-b63d-0897988a1c07">
    <topic>Remote Code Execution via web-accessible composer</topic>
    <affects>
      <package>
	<name>php80-composer</name>
	<range><lt>1.10.27</lt></range>
	<range><gt>2.0.0</gt><lt>2.6.4</lt></range>
      </package>
      <package>
	<name>php81-composer</name>
	<range><lt>1.10.27</lt></range>
	<range><gt>2.0.0</gt><lt>2.6.4</lt></range>
      </package>
      <package>
	<name>php82-composer</name>
	<range><lt>1.10.27</lt></range>
	<range><gt>2.0.0</gt><lt>2.6.4</lt></range>
      </package>
      <package>
	<name>php83-composer</name>
	<range><lt>1.10.27</lt></range>
	<range><gt>2.0.0</gt><lt>2.6.4</lt></range>
      </package>
      <package>
	<name>php80-composer2</name>
	<range><lt>2.6.4</lt></range>
      </package>
      <package>
	<name>php81-composer2</name>
	<range><lt>2.6.4</lt></range>
      </package>
      <package>
	<name>php82-composer2</name>
	<range><lt>2.6.4</lt></range>
      </package>
      <package>
	<name>php83-composer2</name>
	<range><lt>2.6.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Composer project reports:</p>
	<blockquote cite="https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf">
	  <p>Description: Users publishing a composer.phar to a
	  public web-accessible server where the composer.phar can
	  be executed as a php file may be impacted if PHP also has
	  register_argc_argv enabled in php.ini.</p>
	  <p>Workaround: Make sure register_argc_argv is disabled
	  in php.ini, and avoid publishing composer.phar to the web
	  as this really should not happen.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-43655</cvename>
      <url>https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf</url>
    </references>
    <dates>
      <discovery>2023-09-29</discovery>
      <entry>2023-09-29</entry>
      <modified>2023-09-30</modified>
    </dates>
  </vuln>

  <vuln vid="6d9c6aae-5eb1-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>117.0.5938.132</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>117.0.5938.132</lt></range>
      </package>
      <package>
       <name>qt6-webengine</name>
       <range><lt>6.6.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html">
	 <p>This update includes 10 security fixes:</p>
	 <ul>
	    <li>[1486441] High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25</li>
	    <li>[1478889] High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05</li>
	    <li>[1475798] High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5217</cvename>
      <cvename>CVE-2023-5186</cvename>
      <cvename>CVE-2023-5187</cvename>
      <url>https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html</url>
    </references>
    <dates>
      <discovery>2023-09-27</discovery>
      <entry>2023-09-29</entry>
    </dates>
  </vuln>

  <vuln vid="2bcd6ba4-d8e2-42e5-9033-b50b722821fb">
    <topic>electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx</topic>
    <affects>
      <package>
	<name>electron22</name>
	<range><lt>22.3.25</lt></range>
      </package>
      <package>
	<name>electron24</name>
	<range><lt>24.8.5</lt></range>
      </package>
      <package>
	<name>electron25</name>
	<range><lt>25.8.4</lt></range>
      </package>
      <package>
	<name>libvpx</name>
	<range><lt>1.13.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v22.3.25">
	  <p>This update fixes the following vulnerability:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-5217.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5217</cvename>
      <url>https://github.com/advisories/GHSA-qqvq-6xgj-jw8g</url>
    </references>
    <dates>
      <discovery>2023-09-28</discovery>
      <entry>2023-09-29</entry>
      <modified>2023-09-30</modified>
    </dates>
  </vuln>

  <vuln vid="6e0ebb4a-5e75-11ee-a365-001b217b3468">
    <topic>Gitlab -- vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>16.4.0</ge><lt>16.4.1</lt></range>
	<range><ge>16.3.0</ge><lt>16.3.5</lt></range>
	<range><ge>8.15</ge><lt>16.2.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project</p>
	<p>Group import allows impersonation of users in CI pipelines</p>
	<p>Developers can bypass code owners approval by changing a MR's base branch</p>
	<p>Leaking source code of restricted project through a fork</p>
	<p>Third party library Consul requires enable-script-checks to be False to enable patch</p>
	<p>Service account not deleted when namespace is deleted allowing access to internal projects</p>
	<p>Enforce SSO settings bypassed for public projects for Members without identity</p>
	<p>Removed project member can write to protected branches</p>
	<p>Unauthorised association of CI jobs for Machine Learning experiments</p>
	<p>Force pipelines to not have access to protected variables and will likely fail using tags</p>
	<p>Maintainer can create a fork relationship between existing projects</p>
	<p>Disclosure of masked CI variables via processing CI/CD configuration of forks</p>
	<p>Asset Proxy Bypass using non-ASCII character in asset URI</p>
	<p>Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches</p>
	<p>Removed Developer can continue editing the source code of a public project</p>
	<p>A project reporter can leak owner's Sentry instance projects</p>
	<p>Math rendering in markdown can escape container and hijack clicks</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-5207</cvename>
      <cvename>CVE-2023-5207</cvename>
      <cvename>CVE-2023-4379</cvename>
      <cvename>CVE-2023-3413</cvename>
      <cvename>CVE-2023-3914</cvename>
      <cvename>CVE-2023-3115</cvename>
      <cvename>CVE-2023-5198</cvename>
      <cvename>CVE-2023-4532</cvename>
      <cvename>CVE-2023-3917</cvename>
      <cvename>CVE-2023-3920</cvename>
      <cvename>CVE-2023-0989</cvename>
      <cvename>CVE-2023-3906</cvename>
      <cvename>CVE-2023-4658</cvename>
      <cvename>CVE-2023-3979</cvename>
      <cvename>CVE-2023-2233</cvename>
      <cvename>CVE-2023-3922</cvename>
      <url>https://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/</url>
    </references>
    <dates>
      <discovery>2023-09-28</discovery>
      <entry>2023-09-29</entry>
    </dates>
  </vuln>

  <vuln vid="af065e47-5d62-11ee-bbae-1c61b4739ac9">
    <topic>xrdp -- unchecked access to font glyph info</topic>
    <affects>
      <package>
	<name>xrdp</name>
	<range><lt>0.9.23.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>xrdp team reports:</p>
	<blockquote cite="https://www.cve.org/CVERecord?id=CVE-2023-42822">
	<p>Access to the font glyphs in xrdp_painter.c is not bounds-checked.
	Since some of this data is controllable by the user, this can result
	in an out-of-bounds read within the xrdp executable. The vulnerability
	allows an out-of-bounds read within a potentially privileged process.
	On non-Debian platforms, xrdp tends to run as root. Potentially an
	out-of-bounds write can follow the out-of-bounds read. There is no
	denial-of-service impact, providing xrdp is running in forking mode. This
	issue has been addressed in release 0.9.23.1. Users are advised to upgrade.
	There are no known workarounds for this vulnerability.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-42822</cvename>
      <url>https://www.cve.org/CVERecord?id=CVE-2023-42822</url>
      <url>https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw</url>
    </references>
    <dates>
      <discovery>2023-09-27</discovery>
      <entry>2023-09-27</entry>
    </dates>
  </vuln>

  <vuln vid="c9ff1150-5d63-11ee-bbae-1c61b4739ac9">
    <topic>xrdp -- Improper handling of session establishment errors allows bypassing OS-level session restrictions</topic>
    <affects>
      <package>
	<name>xrdp</name>
	<range><lt>0.9.23</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>xrdp team reports:</p>
	<blockquote cite="https://www.cve.org/CVERecord?id=CVE-2023-40184">
	<p>In versions prior to 0.9.23 improper handling of session establishment
	errors allows bypassing OS-level session restrictions. The `auth_start_session`
	function can return non-zero (1) value on, e.g., PAM error which may result
	in session restrictions such as max concurrent sessions per user by PAM
	(ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't
	use restrictions by PAM are not affected. This issue has been addressed in
	release version 0.9.23. Users are advised to upgrade. There are no known
	workarounds for this issue.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-40184</cvename>
      <url>https://www.cve.org/CVERecord?id=CVE-2023-40184</url>
      <url>https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq</url>
    </references>
    <dates>
      <discovery>2023-08-30</discovery>
      <entry>2023-09-27</entry>
    </dates>
  </vuln>

  <vuln vid="ea9d1fd2-5d24-11ee-8507-b42e991fc52e">
    <topic>routinator -- Possible path traversal when storing RRDP responses</topic>
    <affects>
      <package>
	<name>routinator</name>
	<range><ge>0.9.0</ge><lt>0.12.2</lt></range>
      </package>
    </affects>
    <description>
	<body xmlns="http://www.w3.org/1999/xhtml">
	<p>sep@nlnetlabs.nl reports:</p>
	<blockquote cite="https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt">
	  <p>NLnet Labs Routinator 0.9.0 up to and including 0.12.1 contains a
	possible path traversal vulnerability in the optional, off-by-default
	keep-rrdp-responses feature that allows users to store the content
	of responses received for RRDP requests.  The location of these
	stored responses is constructed from the URL of the request.  Due
	to insufficient sanitation of the URL, it is possible for an attacker
	to craft a URL that results in the response being stored outside
	of the directory specified for it.</p>
	</blockquote>
	</body>
    </description>
    <references>
      <cvename>CVE-2023-39916</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-39916</url>
    </references>
    <dates>
      <discovery>2023-09-13</discovery>
      <entry>2023-09-27</entry>
    </dates>
  </vuln>

  <vuln vid="402fccd0-5b6d-11ee-9898-00e081b7aa2d">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.424</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.414.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2023-09-20/">
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-3261 / CVE-2023-43494</h5>
	  <p>Builds can be filtered by values of sensitive build variables</p>
	  <h5>(High) SECURITY-3245 / CVE-2023-43495</h5>
	  <p>Stored XSS vulnerability</p>
	  <h5>(High) SECURITY-3072 / CVE-2023-43496 </h5>
	  <p>Temporary plugin file created with insecure permissions</p>
	  <h5>(Low) SECURITY-3073 / CVE-2023-43497 (Stapler), CVE-2023-43498 (MultipartFormDataParser) </h5>
	  <p>Temporary uploaded file created with insecure permissions</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-43494</cvename>
      <cvename>CVE-2023-43495</cvename>
      <cvename>CVE-2023-43496</cvename>
      <cvename>CVE-2023-43497</cvename>
      <url>https://www.jenkins.io/security/advisory/2023-09-20/</url>
    </references>
    <dates>
      <discovery>2023-09-20</discovery>
      <entry>2023-09-25</entry>
    </dates>
  </vuln>

  <vuln vid="732282a5-5a10-11ee-bca0-001999f8d30b">
    <topic>Mailpit affected by vulnerability in included go markdown module</topic>
    <affects>
      <package>
	<name>mailpit</name>
	<range><lt>1.9.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mailpit author reports:</p>
	<blockquote cite="https://github.com/axllent/mailpit/releases/tag/v1.9.1">
	  <p>Update Go modules to address CVE-2023-42821 (go markdown module DoS).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-42821</cvename>
    </references>
    <dates>
      <discovery>2023-09-23</discovery>
      <entry>2023-09-23</entry>
    </dates>
  </vuln>

  <vuln vid="4fd7a2fc-5860-11ee-a1b3-dca632daf43b">
    <topic>graphics/webp heap buffer overflow</topic>
    <affects>
      <package>
	<name>webp</name>
	<range><lt>1.3.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Google Chrome reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2023-4863">
	  <p>Heap buffer overflow in WebP ... allowed a remote attacker to perform an out of bounds memory write ...</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4863</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-4863</url>
    </references>
    <dates>
      <discovery>2023-09-12</discovery>
      <entry>2023-09-21</entry>
    </dates>
  </vuln>

  <vuln vid="58a738d4-57af-11ee-8c58-b42e991fc52e">
    <topic>libwebp heap buffer overflow</topic>
    <affects>
      <package>
	<name>tor-browser</name>
	<range><lt>12.5.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>chrome-cve-admin@google.com reports:</p>
	<blockquote cite="https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/">
	  <p>Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
	allowed a remote attacker to perform an out of bounds memory write
	via a crafted HTML page.  (Chromium security severity: Critical)
	The Tor browser is based on Firefox and GeckoView and uses also
	libwep so it is affected by this bug.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4863</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-4863</url>
    </references>
    <dates>
      <discovery>2023-09-12</discovery>
      <entry>2023-09-20</entry>
    </dates>
  </vuln>

  <vuln vid="32a4896a-56da-11ee-9186-001b217b3468">
    <topic>Gitlab -- vulnerability</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>16.3.0</ge><lt>16.3.4</lt></range>
	<range><ge>13.12.0</ge><lt>16.2.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/">
	  <p>Attacker can abuse scan execution policies to run pipelines as another user</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4998</cvename>
      <url>https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/</url>
    </references>
    <dates>
      <discovery>2023-09-18</discovery>
      <entry>2023-09-19</entry>
    </dates>
  </vuln>

  <vuln vid="11982747-544c-11ee-ac3e-a04a5edf46d9">
    <topic>routinator -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>routinator</name>
	<range><lt>0.12.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NLnet Labs report:</p>
	<blockquote cite="https://nlnetlabs.nl/news/2023/Sep/13/routinator-0.12.2-released/">
	  <p>This release fixes two issues in Routinator that can be exploited
	  remotely by rogue RPKI CAs and repositories. We therefore advise all
	  users of Routinator to upgrade to this release at their earliest
	  convenience.</p>
	  <p>The first issue, CVE-2022-39915, can lead to Routinator crashing
	  when trying to decode certain illegal RPKI objects.</p>
	  <p>The second issue, CVE-2022-39916, only affects users that have the
	  rrdp-keep-responses option enabled which allows storing all received
	  RRDP responses on disk. Because the file name for these responses is
	  derived from the URI and the path wasn't checked properly, a RRDP URI
	could be constructed that results in the response stored outside the
	directory, possibly overwriting existing files.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-39915</cvename>
      <url>https://nlnetlabs.nl/downloads/routinator/CVE-2023-39915.txt</url>
      <cvename>CVE-2022-39916</cvename>
      <url>https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt</url>
    </references>
    <dates>
      <discovery>2022-12-08</discovery>
      <entry>2023-09-16</entry>
    </dates>
  </vuln>

  <vuln vid="833b469b-5247-11ee-9667-080027f5fec9">
    <topic>curl -- HTTP headers eat all memory</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><lt>8.3.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>selmelc on hackerone reports:</p>
	<blockquote cite="https://curl.se/docs/CVE-2023-38039.html">
	  <p>
	    When curl retrieves an HTTP response, it stores the
	    incoming headers so that they can be accessed later via
	    the libcurl headers API.
	  </p>
	  <p>
	    However, curl did not have a limit in how many or how
	    large headers it would accept in a response, allowing a
	    malicious server to stream an endless series of headers
	    and eventually cause curl to run out of heap memory.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-38039</cvename>
      <url>https://curl.se/docs/CVE-2023-38039.html HERE</url>
    </references>
    <dates>
      <discovery>2023-09-13</discovery>
      <entry>2023-09-13</entry>
    </dates>
  </vuln>

  <vuln vid="b5508c08-547a-11ee-85eb-84a93843eb75">
    <topic>Roundcube -- XSS vulnerability</topic>
    <affects>
      <package>
	<name>roundcube</name>
	<range><lt>1.6.3,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Roundcube webmail project reports:</p>
	<blockquote cite="https://roundcube.net/news/2023/09/15/security-update-1.6.3-released">
	  <p>cross-site scripting (XSS) vulnerability in handling of
	    linkrefs in plain text messages</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://roundcube.net/news/2023/09/15/security-update-1.6.3-released</url>
    </references>
    <dates>
      <discovery>2023-09-15</discovery>
      <entry>2023-09-16</entry>
    </dates>
  </vuln>

  <vuln vid="773ce35b-eabb-47e0-98ca-669b2b98107a">
    <topic>electron{24,25} -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron24</name>
	<range><lt>24.8.3</lt></range>
      </package>
      <package>
	<name>electron25</name>
	<range><lt>25.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v24.8.3">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-4763.</li>
	    <li>Security: backported fix for CVE-2023-4762.</li>
	    <li>Security: backported fix for CVE-2023-4761.</li>
	    <li>Security: backported fix for CVE-2023-4863.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4763</cvename>
      <url>https://github.com/advisories/GHSA-w5hv-g8p5-vwjr</url>
      <cvename>CVE-2023-4762</cvename>
      <url>https://github.com/advisories/GHSA-3wjr-p76q-rg8q</url>
      <cvename>CVE-2023-4761</cvename>
      <url>https://github.com/advisories/GHSA-8cgp-x4c5-vg9g</url>
      <cvename>CVE-2023-4863</cvename>
      <url>https://github.com/advisories/GHSA-j7hp-h8jx-5ppr</url>
    </references>
    <dates>
      <discovery>2023-09-13</discovery>
      <entry>2023-09-13</entry>
    </dates>
  </vuln>

  <vuln vid="3693eca5-f0d3-453c-9558-2353150495bb">
    <topic>electron22 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron22</name>
	<range><lt>22.3.24</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v22.3.24">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-4572.</li>
	    <li>Security: backported fix for CVE-2023-4762.</li>
	    <li>Security: backported fix for CVE-2023-4863.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4572</cvename>
      <url>https://github.com/advisories/GHSA-6994-5wq3-gpjv</url>
      <cvename>CVE-2023-4762</cvename>
      <url>https://github.com/advisories/GHSA-3wjr-p76q-rg8q</url>
      <cvename>CVE-2023-4863</cvename>
      <url>https://github.com/advisories/GHSA-j7hp-h8jx-5ppr</url>
    </references>
    <dates>
      <discovery>2023-09-13</discovery>
      <entry>2023-09-13</entry>
    </dates>
  </vuln>

  <vuln vid="88754d55-521a-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>117.0.5938.62</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>117.0.5938.62</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html">
	 <p>This update includes 16 security fixes:</p>
	 <ul>
	    <li>[1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06</li>
	    <li>[1430867] Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06</li>
	    <li>[1459281] Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali on 2023-06-29</li>
	    <li>[1454515] Medium CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong on 2023-06-14</li>
	    <li>[1446709] Medium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry on 2023-05-18</li>
	    <li>[1453501] Medium CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks on 2023-06-09</li>
	    <li>[1441228] Medium CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh on 2023-04-29</li>
	    <li>[1449874] Low CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2023-05-30</li>
	    <li>[1462104] Low CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639)  on 2023-07-04</li>
	    <li>[1451543] Low CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-06-06</li>
	    <li>[1463293] Low CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong on 2023-07-09</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4863</cvename>
      <cvename>CVE-2023-4900</cvename>
      <cvename>CVE-2023-4901</cvename>
      <cvename>CVE-2023-4902</cvename>
      <cvename>CVE-2023-4903</cvename>
      <cvename>CVE-2023-4904</cvename>
      <cvename>CVE-2023-4905</cvename>
      <cvename>CVE-2023-4906</cvename>
      <cvename>CVE-2023-4907</cvename>
      <cvename>CVE-2023-4908</cvename>
      <cvename>CVE-2023-4909</cvename>
      <url>https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html</url>
    </references>
    <dates>
      <discovery>2023-09-12</discovery>
      <entry>2023-09-13</entry>
    </dates>
  </vuln>

  <vuln vid="4bc66a81-89d2-4696-a04b-defd2eb77783">
    <topic>vscode -- VS Code Remote Code Execution Vulnerability</topic>
    <affects>
      <package>
	<name>vscode</name>
	<range><lt>1.82.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>VSCode developers report:</p>
	<blockquote cite="https://github.com/microsoft/vscode/security/advisories/GHSA-r6q2-478f-5gmr">
	  <p>Visual Studio Code Remote Code Execution Vulnerability</p>
	  <p>A remote code execution vulnerability exists in VS Code 1.82.0 and earlier versions that working in a maliciously crafted package.json can result in executing commands locally. This scenario would require the attacker to get the VS Code user to open the malicious project and have get the user to open and work with malformed entries in the dependencies sections of the package.json file.</p>
	  <p>VS Code uses the locally installed npm command to fetch information on package dependencies. A package dependency can be named in such a way that the npm tool runs a script instead.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-36742</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-36742</url>
      <url>https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742</url>
    </references>
    <dates>
      <discovery>2023-09-12</discovery>
      <entry>2023-09-13</entry>
    </dates>
  </vuln>

  <vuln vid="8eefa87f-31f1-496d-bf8e-2b465b6e4e8a">
    <topic>zeek -- potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>6.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v6.0.1">
	  <p> File extraction limits were not correctly enforced
	  for files containing large amounts of missing bytes. </p>
	  <p> Sessions are sometimes not cleaned up completely
	  within Zeek during shutdown, potentially causing a crash
	  when using the -B dpd flag for debug logging. </p>
	  <p> A specially-crafted HTTP packet can cause Zeek's
	  filename extraction code to take a long time to process
	  the data. </p>
	  <p> A specially-crafted series of FTP packets made up of
	  a CWD request followed by a large amount of ERPT requests
	  may cause Zeek to spend a long time logging the commands.
	  </p>
	  <p> A specially-crafted VLAN packet can cause Zeek to
	  overflow memory and potentially crash. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v6.0.1</url>
    </references>
    <dates>
      <discovery>2023-09-12</discovery>
      <entry>2023-09-12</entry>
    </dates>
  </vuln>

  <vuln vid="4061a4b2-4fb1-11ee-acc7-0151f07bc899">
    <topic>gitea -- block user account creation from blocked email domains</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.20.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/26812">
	  <p>check blocklist for emails when adding them to account</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.com/release-of-1.20.4</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.20.4</url>
    </references>
    <dates>
      <discovery>2023-08-30</discovery>
      <entry>2023-09-10</entry>
    </dates>
  </vuln>

  <vuln vid="a57472ba-4d84-11ee-bf05-000c29de725b">
    <topic>Python -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>python38</name>
	<range><lt>3.8.18</lt></range>
      </package>
      <package>
	<name>python39</name>
	<range><lt>3.9.18</lt></range>
      </package>
      <package>
	<name>python310</name>
	<range><lt>3.10.13</lt></range>
      </package>
      <package>
	<name>python311</name>
	<range><lt>3.11.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Python reports:</p>
	<blockquote cite="https://pythoninsider.blogspot.com/2023/08/python-3115-31013-3918-and-3818-is-now.html">
	  <p>gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable
	    to a bypass of the TLS handshake and included protections (like certificate
	    verification) and treating sent unencrypted data as if it were post-handshake
	    TLS encrypted data.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-40217</cvename>
      <url>https://pythoninsider.blogspot.com/2023/08/python-3115-31013-3918-and-3818-is-now.html</url>
    </references>
    <dates>
      <discovery>2023-08-22</discovery>
      <entry>2023-09-07</entry>
    </dates>
  </vuln>

  <vuln vid="beb36f39-4d74-11ee-985e-bff341e78d94">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go120</name>
	<range><lt>1.20.8</lt></range>
      </package>
      <package>
	<name>go121</name>
	<range><lt>1.21.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/62198">
	  <p>cmd/go: go.mod toolchain directive allows arbitrary
	   execution</p>
	  <p>The go.mod toolchain directive, introduced in Go 1.21,
	   could be leveraged to execute scripts and binaries
	   relative to the root of the module when the "go" command
	   was executed within the module. This applies to modules
	   downloaded using the "go" command from the module proxy,
	   as well as modules downloaded directly using VCS software.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/62196">
	  <p>html/template: improper handling of HTML-like comments
	   within script contexts</p>
	  <p>The html/template package did not properly handle
	   HMTL-like "&lt;!--" and "--&gt;"
	   comment tokens, nor hashbang "#!" comment tokens, in
	   &lt;script&gt; contexts. This may cause the template
	   parser to improperly interpret the contents of
	   &lt;script&gt; contexts, causing actions to be improperly
	   escaped. This could be leveraged to perform an XSS attack.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/62197">
	  <p>html/template: improper handling of special tags within
	   script contexts</p>
	  <p>The html/template package did not apply the proper rules
	   for handling occurrences
	   of "&lt;script", "&lt;!--", and "&lt;/script" within JS
	   literals in &lt;script&lt; contexts. This may cause the
	   template parser to improperly consider script contexts to
	   be terminated early, causing actions to be improperly
	   escaped. This could be leveraged to perform an XSS attack.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/62266">
	  <p>crypto/tls: panic when processing post-handshake message
	   on QUIC connections</p>
	  <p>Processing an incomplete post-handshake message for a QUIC
	   connection caused a panic.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-39320</cvename>
      <cvename>CVE-2023-39318</cvename>
      <cvename>CVE-2023-39319</cvename>
      <cvename>CVE-2023-39321</cvename>
      <cvename>CVE-2023-39322</cvename>
      <url>https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ?pli=1</url>
    </references>
    <dates>
      <discovery>2023-09-06</discovery>
      <entry>2023-09-07</entry>
    </dates>
  </vuln>

  <vuln vid="924cb116-4d35-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- Wi-Fi encryption bypass</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.2</ge><lt>13.2_3</lt></range>
	<range><ge>12.4</ge><lt>12.4_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The net80211 subsystem would fallback to the multicast key for unicast
	traffic in the event the unicast key was removed.  This would result in
	buffered unicast traffic being exposed to any stations with access to the
	multicast key.</p>
	<h1>Impact:</h1>
	<p>As described in the "Framing Frames: Bypassing Wi-Fi Encryption by
	Manipulating Transmit Queues" paper, an attacker can induce an access point
	to buffer frames for a client, deauthenticate the client (causing the unicast
	key to be removed from the access point), and subsequent flushing of the
	buffered frames now encrypted with the multicast key.  This would give the
	attacker access to the data.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-47522</cvename>
      <freebsdsa>SA-23:11.wifi</freebsdsa>
    </references>
    <dates>
      <discovery>2023-09-06</discovery>
      <entry>2023-09-07</entry>
    </dates>
  </vuln>

  <vuln vid="d35373ae-4d34-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- pf incorrectly handles multiple IPv6 fragment headers</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.2</ge><lt>13.2_3</lt></range>
	<range><ge>12.4</ge><lt>12.4_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>With a 'scrub fragment reassemble' rule, a packet containing multiple IPv6
	fragment headers would be reassembled, and then immediately processed.  That
	is, a packet with multiple fragment extension headers would not be recognized
	as the correct ultimate payload. Instead a packet with multiple IPv6 fragment
	headers would unexpectedly be interpreted as a fragmented packet, rather than
	as whatever the real payload is.</p>
	<h1>Impact:</h1>
	<p>IPv6 fragments may bypass firewall rules written on the assumption all
	fragments have been reassembled and, as a result, be forwarded or processed
	by the host.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4809</cvename>
      <freebsdsa>SA-23:10.pf</freebsdsa>
    </references>
    <dates>
      <discovery>2023-09-06</discovery>
      <entry>2023-09-07</entry>
    </dates>
  </vuln>

  <vuln vid="6c72b13f-4d1d-11ee-a7f1-080027f5fec9">
    <topic>redis -- Possible bypassing ACL configuration</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><ge>7.0.0</ge><lt>7.0.13</lt></range>
	<range><ge>7.2.0</ge><lt>7.2.1</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.2.0.20230831</lt></range>
      </package>
      <package>
	<name>redis70</name>
	<range><ge>7.0.0</ge><lt>7.0.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>yangbodong22011 reports:</p>
	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc">
	  <p>
	    Redis does not correctly identify keys accessed by SORT_RO
	    and, as a result, may grant users executing this command
	    access to keys that are not explicitly authorized by the
	    ACL configuration.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-41053</cvename>
      <url>https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc</url>
    </references>
    <dates>
      <discovery>2023-09-06</discovery>
      <entry>2023-09-07</entry>
    </dates>
  </vuln>

  <vuln vid="df0a2fd1-4c92-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>116.0.5845.179</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>116.0.5845.179</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html">
	 <p>This update includes 4 security fixes:</p>
	 <ul>
	    <li>[1476403] High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28</li>
	    <li>[1473247] High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16</li>
	    <li>[1469928] High CVE-2023-4763: Use after free in Networks. Reported by anonymous on 2023-08-03</li>
	    <li>[1447237] High CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7) on 2023-05-20</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4761</cvename>
      <cvename>CVE-2023-4762</cvename>
      <cvename>CVE-2023-4763</cvename>
      <cvename>CVE-2023-4764</cvename>
      <url>https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-09-05</discovery>
      <entry>2023-09-06</entry>
    </dates>
  </vuln>

  <vuln vid="8fd4f40a-4b7d-11ee-aa2a-080027de9982">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<name>py311-django32</name>
	<range><lt>3.2.21</lt></range>
      </package>
      <package>
	<name>py38-django41</name>
	<name>py39-django41</name>
	<name>py310-django41</name>
	<name>py311-django41</name>
	<range><lt>4.1.11</lt></range>
      </package>
      <package>
	<name>py38-django42</name>
	<name>py39-django42</name>
	<name>py310-django42</name>
	<name>py311-django42</name>
	<range><lt>4.2.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2023/sep/04/security-releases/">
	  <p>CVE-2023-41164: Potential denial of service vulnerability in
	    django.utils.encoding.uri_to_iri().</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-41164</cvename>
      <url>https://www.djangoproject.com/weblog/2023/sep/04/security-releases/</url>
    </references>
    <dates>
      <discovery>2023-09-01</discovery>
      <entry>2023-09-04</entry>
    </dates>
  </vuln>

  <vuln vid="aaea7b7c-4887-11ee-b164-001b217b3468">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>16.3.0</ge><lt>16.3.1</lt></range>
	<range><ge>16.2.0</ge><lt>16.2.5</lt></range>
	<range><ge>4.1.0</ge><lt>16.1.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/">
	  <p>Privilege escalation of "external user" to internal access through group service account</p>
	  <p>Maintainer can leak sentry token by changing the configured URL (fix bypass)</p>
	  <p>Google Cloud Logging private key showed in plain text in GitLab UI leaking to other group owners</p>
	  <p>Information disclosure via project import endpoint</p>
	  <p>Developer can leak DAST scanners "Site Profile" request headers and auth password</p>
	  <p>Project forking outside current group</p>
	  <p>User is capable of creating Model experiment and updating existing run's status in public project</p>
	  <p>ReDoS in bulk import API</p>
	  <p>Pagination for Branches and Tags can be skipped leading to DoS</p>
	  <p>Internal Open Redirection Due to Improper handling of "../" characters</p>
	  <p>Subgroup Member With Reporter Role Can Edit Group Labels</p>
	  <p>Banned user can delete package registries</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3915</cvename>
      <cvename>CVE-2023-4378</cvename>
      <cvename>CVE-2023-3950</cvename>
      <cvename>CVE-2023-4630</cvename>
      <cvename>CVE-2022-4343</cvename>
      <cvename>CVE-2023-4638</cvename>
      <cvename>CVE-2023-4018</cvename>
      <cvename>CVE-2023-3205</cvename>
      <cvename>CVE-2023-4647</cvename>
      <cvename>CVE-2023-1279</cvename>
      <cvename>CVE-2023-0120</cvename>
      <cvename>CVE-2023-1555</cvename>
      <url>https://about.gitlab.com/releases/2023/08/31/security-release-gitlab-16-3-1-released/</url>
    </references>
    <dates>
      <discovery>2023-08-31</discovery>
      <entry>2023-09-01</entry>
    </dates>
  </vuln>

  <vuln vid="b8a52e5a-483d-11ee-971d-3df00e0f9020">
    <topic>Borg (Backup) -- flaw in cryptographic authentication scheme in Borg allowed an attacker to fake archives and indirectly cause backup data loss.</topic>
    <affects>
      <package>
	<name>py37-borgbackup</name>
	<name>py38-borgbackup</name>
	<name>py39-borgbackup</name>
	<name>py310-borgbackup</name>
	<name>py311-borgbackup</name>
	<name>py312-borgbackup</name>
	<range><lt>1.2.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Thomas Waldmann reports:</p>
	<blockquote cite="https://github.com/borgbackup/borg/blob/1.2.5-cvedocs/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811">
	  <p>A flaw in the cryptographic authentication scheme in Borg allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository.</p>
	  <p>The attack requires an attacker to be able to</p>
	  <ul><li>insert files (with no additional headers) into backups</li>
	    <li>gain write access to the repository</li></ul>
	  <p>This vulnerability does not disclose plaintext to the attacker, nor does it affect the authenticity of existing archives.  Creating plausible fake archives may be feasible for empty or small archives, but is unlikely for large archives.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-36811</cvename>
      <url>https://github.com/borgbackup/borg/blob/1.2.5-cvedocs/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811</url>
    </references>
    <dates>
      <discovery>2023-06-13</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="970dcbe0-a947-41a4-abe9-7aaba87f41fe">
    <topic>electron25 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron25</name>
	<range><lt>25.8.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v25.8.0">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-4427.</li>
	    <li>Security: backported fix for CVE-2023-4428.</li>
	    <li>Security: backported fix for CVE-2023-4429.</li>
	    <li>Security: backported fix for CVE-2023-4430.</li>
	    <li>Security: backported fix for CVE-2023-4572.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4427</cvename>
      <url>https://github.com/advisories/GHSA-qqwc-fhxf-4mf3</url>
      <cvename>CVE-2023-4428</cvename>
      <url>https://github.com/advisories/GHSA-m56x-9vph-h345</url>
      <cvename>CVE-2023-4429</cvename>
      <url>https://github.com/advisories/GHSA-r43m-48vw-xgp3</url>
      <cvename>CVE-2023-4430</cvename>
      <url>https://github.com/advisories/GHSA-h295-rcc5-87jh</url>
      <cvename>CVE-2023-4572</cvename>
      <url>https://github.com/advisories/GHSA-6994-5wq3-gpjv</url>
    </references>
    <dates>
      <discovery>2023-08-30</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="29f050e9-3ef4-4c5f-8204-503b41caf181">
    <topic>electron24 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron24</name>
	<range><lt>24.8.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v24.8.2">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-4427.</li>
	    <li>Security: backported fix for CVE-2023-4428.</li>
	    <li>Security: backported fix for CVE-2023-4430.</li>
	    <li>Security: backported fix for CVE-2023-4572.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4427</cvename>
      <url>https://github.com/advisories/GHSA-qqwc-fhxf-4mf3</url>
      <cvename>CVE-2023-4428</cvename>
      <url>https://github.com/advisories/GHSA-m56x-9vph-h345</url>
      <cvename>CVE-2023-4430</cvename>
      <url>https://github.com/advisories/GHSA-h295-rcc5-87jh</url>
      <cvename>CVE-2023-4572</cvename>
      <url>https://github.com/advisories/GHSA-6994-5wq3-gpjv</url>
    </references>
    <dates>
      <discovery>2023-08-30</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="579c7489-c23d-454a-b0fc-ed9d80ea46e0">
    <topic>electron22 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron22</name>
	<range><lt>22.3.23</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v22.3.23">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-4427.</li>
	    <li>Security: backported fix for CVE-2023-4428.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4427</cvename>
      <url>https://github.com/advisories/GHSA-qqwc-fhxf-4mf3</url>
      <cvename>CVE-2023-4428</cvename>
      <url>https://github.com/advisories/GHSA-m56x-9vph-h345</url>
    </references>
    <dates>
      <discovery>2023-08-30</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="1a15b928-5011-4953-8133-d49e24902fe1">
    <topic>py-WsgiDAV -- XSS vulnerability</topic>
    <affects>
      <package>
    <name>py37-WsgiDAV</name>
    <name>py38-WsgiDAV</name>
    <name>py39-WsgiDAV</name>
    <name>py310-WsgiDAV</name>
    <name>py311-WsgiDAV</name>
    <range><lt>4.1.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <blockquote cite="https://osv.dev/vulnerability/GHSA-xx6g-jj35-pxjv">
      <p>Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41905</cvename>
      <url>https://osv.dev/vulnerability/GHSA-xx6g-jj35-pxjv</url>
    </references>
    <dates>
      <discovery>2022-11-11</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="17efbe19-4e72-426a-8016-2b4e001c1378">
    <topic>py-wagtail -- stored XSS vulnerability</topic>
    <affects>
      <package>
    <name>py37-wagtail</name>
    <name>py38-wagtail</name>
    <name>py39-wagtail</name>
    <name>py310-wagtail</name>
    <name>py311-wagtail</name>
    <range><lt>4.1.4</lt></range>
    <range><ge>4.2.0</ge><lt>4.2.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <blockquote cite="https://osv.dev/vulnerability/GHSA-5286-f2rf-35c2">
      <p>A stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface.</p>
      <p>A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials.</p>
      <p>The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled.</p>
      <p>For page, the vulnerability is in the "Choose a parent page" ModelAdmin view, available when managing pages via ModelAdmin.</p>
      <p>For documents, the vulnerability is in the ModelAdmin Inspect view when displaying document fields.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28836</cvename>
      <url>https://osv.dev/vulnerability/GHSA-5286-f2rf-35c2</url>
    </references>
    <dates>
      <discovery>2023-04-03</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="2def7c4b-736f-4754-9f03-236fcb586d91">
    <topic>py-wagtail -- DoS vulnerability</topic>
    <affects>
      <package>
    <name>py37-wagtail</name>
    <name>py38-wagtail</name>
    <name>py39-wagtail</name>
    <name>py310-wagtail</name>
    <name>py311-wagtail</name>
    <range><ge>4.2.0</ge><lt>4.2.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <blockquote cite="https://osv.dev/vulnerability/GHSA-33pv-vcgh-jfg9">
      <p>A memory exhaustion bug exists in Wagtail's handling of uploaded images and documents.</p>
      <p>For both images and documents, files are loaded into memory during upload for additional processing.</p>
      <p>A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash or denial of service.</p>
      <p>The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.</p>
      <p>It can only be exploited by admin users with permission to upload images or documents.</p>
      <p>Image uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28837</cvename>
      <url>https://osv.dev/vulnerability/GHSA-33pv-vcgh-jfg9</url>
    </references>
    <dates>
      <discovery>2023-04-03</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="181f5e49-b71d-4527-9464-d4624d69acc3">
    <topic>py-treq -- sensitive information leak vulnerability</topic>
    <affects>
      <package>
    <name>py37-treq</name>
    <name>py38-treq</name>
    <name>py39-treq</name>
    <name>py310-treq</name>
    <name>py311-treq</name>
    <range><lt>22.1.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <blockquote cite="https://osv.dev/vulnerability/GHSA-fhpf-pp6p-55qc">
      <p>Treq's request methods (`treq.get`, `treq.post`, `HTTPClient.request`, `HTTPClient.get`, etc.) accept cookies as a dictionary.</p>
      <p>Such cookies are not bound to a single domain, and are therefore sent to *every* domain ("supercookies").</p>
      <p>This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain., e.g. should `https://example.com` redirect to `http://cloudstorageprovider.com` the latter will receive the cookie `session`.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23607</cvename>
      <url>https://osv.dev/vulnerability/GHSA-fhpf-pp6p-55qc</url>
    </references>
    <dates>
      <discovery>2022-02-01</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="4eb5dccb-923c-4f18-9cd4-b53f9e28d4d7">
    <topic>py-Scrapy -- DoS vulnerability</topic>
    <affects>
      <package>
    <name>py37-Scrapy</name>
    <name>py38-Scrapy</name>
    <name>py39-Scrapy</name>
    <name>py310-Scrapy</name>
    <name>py311-Scrapy</name>
    <range><le>2.8.0</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>kmike and nramirezuy report:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2017-83">
      <p>Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2017-14158</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2017-83</url>
      <url>https://osv.dev/vulnerability/GHSA-h7wm-ph43-c39p</url>
    </references>
    <dates>
      <discovery>2017-09-05</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="67fe5e5b-549f-4a2a-9834-53f60eaa415e">
    <topic>py-Scrapy -- exposure of sensitive information vulnerability</topic>
    <affects>
      <package>
    <name>py37-Scrapy</name>
    <name>py38-Scrapy</name>
    <name>py39-Scrapy</name>
    <name>py310-Scrapy</name>
    <name>py311-Scrapy</name>
    <range><lt>2.6.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>ranjit-git reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2022-159">
      <p>Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0577</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2022-159</url>
      <url>https://osv.dev/vulnerability/GHSA-cjvr-mfj7-j4j8</url>
    </references>
    <dates>
      <discovery>2022-03-02</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="a5403af6-225e-48ba-b233-bd95ad26434a">
    <topic>py-Scrapy -- cookie injection vulnerability</topic>
    <affects>
      <package>
    <name>py37-Scrapy</name>
    <name>py38-Scrapy</name>
    <name>py39-Scrapy</name>
    <name>py310-Scrapy</name>
    <name>py311-Scrapy</name>
    <range><lt>1.8.2</lt></range>
    <range><ge>2.0.0</ge><lt>2.6.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <blockquote cite="https://osv.dev/vulnerability/GHSA-mfjm-vh54-3f96">
      <p>Responses from domain names whose public domain name suffix contains 1 or more periods (e.g. responses from `example.co.uk`, given its public domain name suffix is `co.uk`) are able to set cookies that are included in requests to any other domain sharing the same domain name suffix.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <url>https://osv.dev/vulnerability/GHSA-mfjm-vh54-3f96</url>
    </references>
    <dates>
      <discovery>2022-03-01</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="2ad25820-c71a-4e6c-bb99-770c66fe496d">
    <topic>py-Scrapy -- credentials leak vulnerability</topic>
    <affects>
      <package>
    <name>py37-Scrapy</name>
    <name>py38-Scrapy</name>
    <name>py39-Scrapy</name>
    <name>py310-Scrapy</name>
    <name>py311-Scrapy</name>
    <range><lt>1.8.3</lt></range>
    <range><ge>2.0.0</ge><lt>2.6.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <blockquote cite="https://osv.dev/vulnerability/GHSA-9x8m-2xpf-crp3">
      <p>When the built-in HTTP proxy downloader middleware processes a request with `proxy` metadata, and that `proxy` metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the `Proxy-Authentication` header, but only if that header is not already set.</p>
      <p>There are third-party proxy-rotation downloader middlewares that set different `proxy` metadata every time they process a request.</p>
      <p>Because of request retries and redirects, the same request can be processed by downloader middlewares more than once, including both the built-in HTTP proxy downloader middleware and any third-party proxy-rotation downloader middleware.</p>
      <p>These third-party proxy-rotation downloader middlewares could change the `proxy` metadata of a request to a new value, but fail to remove the `Proxy-Authentication` header from the previous value of the `proxy` metadata, causing the credentials of one proxy to be leaked to a different proxy.</p>
      <p>If you rotate proxies from different proxy providers, and any of those proxies requires credentials, you are affected, unless you are handling proxy rotation as described under **Workarounds** below.</p>
      <p>If you use a third-party downloader middleware for proxy rotation, the same applies to that downloader middleware, and installing a patched version of Scrapy may not be enough;</p>
      <p>patching that downloader middlware may be necessary as well.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <url>https://osv.dev/vulnerability/GHSA-9x8m-2xpf-crp3</url>
    </references>
    <dates>
      <discovery>2022-07-29</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="e831dd5a-7d8e-4818-aa1f-17dd495584ec">
    <topic>py-httpx -- input validation vulnerability</topic>
    <affects>
      <package>
    <name>py37-httpx013</name>
    <name>py38-httpx013</name>
    <name>py39-httpx013</name>
    <name>py310-httpx013</name>
    <name>py311-httpx013</name>
    <range><lt>0.20.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>lebr0nli reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2022-183">
      <p>Encode OSS httpx &lt;=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41945</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2022-183</url>
      <url>https://osv.dev/vulnerability/GHSA-h8pj-cxx2-jfg2</url>
    </references>
    <dates>
      <discovery>2022-04-28</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="1e37fa3e-5988-4991-808f-eae98047e2af">
    <topic>py-httpie -- exposure of sensitive information vulnerabilities</topic>
    <affects>
      <package>
    <name>py37-httpie</name>
    <name>py38-httpie</name>
    <name>py39-httpie</name>
    <name>py310-httpie</name>
    <name>py311-httpie</name>
    <range><lt>3.1.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Glyph reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2022-34">
      <p>HTTPie is a command-line HTTP client.</p>
      <p>HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage.</p>
      <p>Before 3.1.0, HTTPie didn't distinguish between cookies and hosts they belonged.</p>
      <p>This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website.</p>
      <p>Users are advised to upgrade.</p>
      <p>There are no known workarounds.</p>
    </blockquote>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2022-167">
      <p>Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24737</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2022-34</url>
      <url>https://osv.dev/vulnerability/GHSA-9w4w-cpc8-h2fq</url>
      <cvename>CVE-2022-0430</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2022-167</url>
      <url>https://osv.dev/vulnerability/GHSA-6pc9-xqrg-wfqw</url>
    </references>
    <dates>
      <discovery>2022-03-07</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="06492bd5-085a-4cc0-9743-e30164bdcb1c">
    <topic>py-flask-security -- user redirect to arbitrary URL vulnerability</topic>
    <affects>
      <package>
    <name>py37-flask-security</name>
    <name>py38-flask-security</name>
    <name>py39-flask-security</name>
    <name>py310-flask-security</name>
    <name>py311-flask-security</name>
    <range><le>3.0.0_1</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Snyk reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-cg8c-gc2j-2wf7">
      <p>This affects all versions of package Flask-Security.</p>
      <p>When using the `get_post_logout_redirect` and `get_post_login_redirect` functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as `\\\evil.com/path`.</p>
      <p>This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using `'autocorrect_location_header=False`.</p>
      <p>**Note:** Flask-Security is not maintained anymore.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-23385</cvename>
      <url>https://osv.dev/vulnerability/GHSA-cg8c-gc2j-2wf7</url>
    </references>
    <dates>
      <discovery>2022-08-02</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="252f40cb-618c-47f4-a2cf-1abf30cffbbe">
    <topic>py-Flask-Cors -- directory traversal vulnerability</topic>
    <affects>
      <package>
    <name>py37-Flask-Cors</name>
    <name>py38-Flask-Cors</name>
    <name>py39-Flask-Cors</name>
    <name>py310-Flask-Cors</name>
    <name>py311-Flask-Cors</name>
    <range><lt>3.0.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>praetorian-colby-morgan reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2020-43">
      <p>An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9.</p>
      <p>It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25032</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2020-43</url>
      <url>https://osv.dev/vulnerability/GHSA-xc3p-ff3m-f46v</url>
    </references>
    <dates>
      <discovery>2020-08-31</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="692a5fd5-bb25-4df4-8a0e-eb91581f2531">
    <topic>py-flask-caching -- remote code execution or local privilege escalation vulnerabilities</topic>
    <affects>
      <package>
    <name>py37-flask-caching</name>
    <name>py38-flask-caching</name>
    <name>py39-flask-caching</name>
    <name>py310-flask-caching</name>
    <name>py311-flask-caching</name>
    <range><le>2.0.2</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>subnix reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2021-13">
      <p>The Flask-Caching extension through 2.0.2 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation.</p>
      <p>If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-33026</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2021-13</url>
      <url>https://osv.dev/vulnerability/GHSA-656c-6cxf-hvcv</url>
    </references>
    <dates>
      <discovery>2021-05-13</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="c2c89dea-2859-4231-8f3b-012be0d475ff">
    <topic>py-django-photologue -- XSS vulnerability</topic>
    <affects>
      <package>
    <name>py37-django-photologue</name>
    <name>py38-django-photologue</name>
    <name>py39-django-photologue</name>
    <name>py310-django-photologue</name>
    <name>py311-django-photologue</name>
    <range><le>3.15_1</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>domiee13 reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-287q-jfcp-9vhv">
      <p>A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic.</p>
      <p>Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photo_detail.html of the component Default Template Handler.</p>
      <p>The manipulation of the argument object.caption leads to cross site scripting.</p>
      <p>The attack may be launched remotely.</p>
      <p>Upgrading to version 3.16 is able to address this issue.</p>
      <p>The name of the patch is 960cb060ce5e2964e6d716ff787c72fc18a371e7.</p>
      <p>It is recommended to apply a patch to fix this issue.</p>
      <p>VDB-215906 is the identifier assigned to this vulnerability.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-4526</cvename>
      <url>https://osv.dev/vulnerability/GHSA-287q-jfcp-9vhv</url>
    </references>
    <dates>
      <discovery>2022-12-15</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="cdc685b5-1724-49a1-ad57-2eaab68e9cc0">
    <topic>py-pygments -- multiple DoS vulnerabilities</topic>
    <affects>
      <package>
    <name>py37-pygments</name>
    <name>py38-pygments</name>
    <name>py39-pygments</name>
    <name>py310-pygments</name>
    <name>py311-pygments</name>
    <range><lt>2.7.4</lt></range>
      </package>
      <package>
    <name>py37-pygments-25</name>
    <name>py38-pygments-25</name>
    <name>py39-pygments-25</name>
    <name>py310-pygments-25</name>
    <name>py311-pygments-25</name>
    <range><lt>2.7.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Red Hat reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2021-140">
      <p>An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.</p>
    </blockquote>
    <p>Ben Caller reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2021-141">
      <p>In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions.</p>
      <p>Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS.</p>
      <p>By crafting malicious input, an attacker can cause a denial of service.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-20270</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2021-140</url>
      <url>https://osv.dev/vulnerability/GHSA-9w8r-397f-prfh</url>
      <cvename>CVE-2021-27291</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2021-141</url>
      <url>https://osv.dev/vulnerability/GHSA-pq64-v7f5-gqh8</url>
    </references>
    <dates>
      <discovery>2021-03-17</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="c9b3324f-8e03-4ae3-89ce-8098cdc5bfa9">
    <topic>py-markdown2 -- regular expression denial of service vulnerability</topic>
    <affects>
      <package>
    <name>py37-markdown2</name>
    <name>py38-markdown2</name>
    <name>py39-markdown2</name>
    <name>py310-markdown2</name>
    <name>py311-markdown2</name>
    <range><lt>2.4.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Ben Caller reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2021-20">
      <p>markdown2 &gt;=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability.</p>
      <p>If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-26813</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2021-20</url>
      <url>https://osv.dev/vulnerability/GHSA-jr9p-r423-9m2r</url>
    </references>
    <dates>
      <discovery>2021-03-03</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="cf6f3465-e996-4672-9458-ce803f29fdb7">
    <topic>py-markdown2 -- XSS vulnerability</topic>
    <affects>
      <package>
    <name>py37-markdown2</name>
    <name>py38-markdown2</name>
    <name>py39-markdown2</name>
    <name>py310-markdown2</name>
    <name>py311-markdown2</name>
    <range><lt>2.3.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>TheGrandPew reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2020-65">
      <p>python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds.</p>
      <p>For example, an attack might use elementname@ or elementname- with an onclick attribute.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-11888</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2020-65</url>
      <url>https://osv.dev/vulnerability/GHSA-fv3h-8x5j-pvgq</url>
    </references>
    <dates>
      <discovery>2020-04-20</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="83b29e3f-886f-439f-b9a8-72e014479ff9">
    <topic>py-dparse -- REDoS vulnerability</topic>
    <affects>
      <package>
    <name>py37-dparse</name>
    <name>py38-dparse</name>
    <name>py39-dparse</name>
    <name>py310-dparse</name>
    <name>py311-dparse</name>
    <range><lt>0.5.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>yeisonvargasf reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2022-301">
      <p>dparse is a parser for Python dependency files.</p>
      <p>dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service.</p>
      <p>All the users parsing index server URLs with dparse are impacted by this vulnerability.</p>
      <p>Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-39280</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2022-301</url>
      <url>https://osv.dev/vulnerability/GHSA-8fg9-p83m-x5pq</url>
    </references>
    <dates>
      <discovery>2022-10-06</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="9b0d9832-47c1-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- Network authentication attack via pam_krb5</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.2</ge><lt>13.2_2</lt></range>
	<range><ge>13.1</ge><lt>13.1_9</lt></range>
	<range><ge>12.4</ge><lt>12.4_4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The problem detailed in FreeBSD-SA-23:04.pam_krb5 persisted following
	the patch for that advisory.</p>
	<h1>Impact:</h1>
	<p>The impact described in FreeBSD-SA-23:04.pam_krb5 persists.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3326</cvename>
      <freebsdsa>SA-23:09.pam_krb5</freebsdsa>
    </references>
    <dates>
      <discovery>2023-08-01</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="291d0953-47c1-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- Potential remote code execution via ssh-agent forwarding</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.2</ge><lt>13.2_2</lt></range>
	<range><ge>13.1</ge><lt>13.1_9</lt></range>
	<range><ge>12.4</ge><lt>12.4_4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The server may cause ssh-agent to load shared libraries other than
	those required for PKCS#11 support.  These shared libraries may have
	side effects that occur on load and unload (dlopen and dlclose).</p>
	<h1>Impact:</h1>
	<p>An attacker with access to a server that accepts a forwarded
	ssh-agent connection may be able to execute code on the machine running
	ssh-agent.  Note that the attack relies on properties of operating
	system-provided libraries.  This has been demonstrated on other
	operating systems; it is unknown whether this attack is possible using
	the libraries provided by a FreeBSD installation.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-38408</cvename>
      <freebsdsa>SA-23:08.ssh</freebsdsa>
    </references>
    <dates>
      <discovery>2023-08-01</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="ab437561-47c0-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- bhyve privileged guest escape via fwctl</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.2</ge><lt>13.2_2</lt></range>
	<range><ge>13.1</ge><lt>13.1_9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The fwctl driver implements a state machine which is executed when
	the guest accesses certain x86 I/O ports.  The interface lets the guest
	copy a string into a buffer resident in the bhyve process' memory.  A
	bug in the state machine implementation can result in a buffer
	overflowing when copying this string.</p>
	<h1>Impact:</h1>
	<p>A malicious, privileged software running in a guest VM can exploit
	the buffer overflow to achieve code execution on the host in the bhyve
	userspace process, which typically runs as root.  Note that bhyve runs
	in a Capsicum sandbox, so malicious code is constrained by the
	capabilities available to the bhyve process.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3494</cvename>
      <freebsdsa>SA-23:07.bhyve</freebsdsa>
    </references>
    <dates>
      <discovery>2023-08-01</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="3dabf5b8-47c0-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- Remote denial of service in IPv6 fragment reassembly</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.2</ge><lt>13.2_2</lt></range>
	<range><ge>13.1</ge><lt>13.1_9</lt></range>
	<range><ge>12.4</ge><lt>12.4_4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Each fragment of an IPv6 packet contains a fragment header which
	specifies the offset of the fragment relative to the original packet,
	and each fragment specifies its length in the IPv6 header.  When
	reassembling the packet, the kernel calculates the complete IPv6 payload
	length.  The payload length must fit into a 16-bit field in the IPv6
	header.</p>
	<p>Due to a bug in the kernel, a set of carefully crafted packets can
	trigger an integer overflow in the calculation of the reassembled
	packet's payload length field.</p>
	<h1>Impact:</h1>
	<p>Once an IPv6 packet has been reassembled, the kernel continues
	processing its contents.  It does so assuming that the fragmentation
	layer has validated all fields of the constructed IPv6 header.  This bug
	violates such assumptions and can be exploited to trigger a remote
	kernel panic, resulting in a denial of service.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3107</cvename>
      <freebsdsa>SA-23:06.ipv6</freebsdsa>
    </references>
    <dates>
      <discovery>2023-08-01</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="e31a8f8e-47bf-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- ssh-add does not honor per-hop destination constraints</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>12.4</ge><lt>12.4_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>When using ssh-add(1) to add smartcard keys to ssh-agent(1) with
	per-hop destination constraints, a logic error prevented the constraints
	from being sent to the agent resulting in keys being added to the agent
	without constraints.</p>
	<h1>Impact:</h1>
	<p>A malicious server could leverage the keys provided by a forwarded
	agent that would normally not be allowed due to the logic error.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28531</cvename>
      <freebsdsa>SA-23:05.openssh</freebsdsa>
    </references>
    <dates>
      <discovery>2023-06-21</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="41af0277-47bf-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- Network authentication attack via pam_krb5</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.2</ge><lt>13.2_1</lt></range>
	<range><ge>13.1</ge><lt>13.1_8</lt></range>
	<range><ge>12.4</ge><lt>12.4_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>pam_krb5 authenticates the user by essentially running kinit(1) with
	the password, getting a `ticket-granting ticket' (tgt) from the Kerberos
	KDC (Key Distribution Center) over the network, as a way to verify the
	password.</p>
	<p>Normally, the system running the pam_krb5 module will also have a
	keytab, a key provisioned by the KDC. The pam_krb5 module will use the
	tgt to get a service ticket and validate it against the keytab, ensuring
	the tgt is valid and therefore, the password is valid.</p>
	<p>However, if a keytab is not provisioned on the system, pam_krb5 has
	no way to validate the response from the KDC, and essentially trusts the
	tgt provided over the network as being valid.</p>
	<h1>Impact:</h1>
	<p>In a non-default FreeBSD installation that leverages pam_krb5 for
	authentication and does not have a keytab provisioned, an attacker that
	is able to control both the password and the KDC responses can return a
	valid tgt, allowing authentication to occur for any user on the
	system.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3326</cvename>
      <freebsdsa>SA-23:04.pam_krb5</freebsdsa>
    </references>
    <dates>
      <discovery>2023-06-21</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="c8eb4c40-47bd-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- Multiple vulnerabilities in OpenSSL</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.1</ge><lt>13.1_7</lt></range>
	<range><ge>12.4</ge><lt>12.4_2</lt></range>
	<range><ge>12.3</ge><lt>12.3_12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<h2>X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)</h2>
	<p>There is a type confusion vulnerability relating to X.400 address processing
	inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
	the public structure definition for GENERAL_NAME incorrectly specified the type
	of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
	the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
	ASN1_STRING.</p>
	<h2>Timing Oracle in RSA Decryption (CVE-2022-4304)</h2>
	<p>A timing based side channel exists in the OpenSSL RSA Decryption
	implementation.</p>
	<h2>Use-after-free following BIO_new_NDEF (CVE-2023-0215)</h2>
	<p>The public API function BIO_new_NDEF is a helper function used for streaming
	ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support
	the SMIME, CMS and PKCS7 streaming capabilities, but may also be called
	directly by end user applications.</p>
	<p>The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter
	BIO onto the front of it to form a BIO chain, and then returns the new head
	of the BIO chain to the caller. Under certain conditions, for example if a
	CMS recipient public key is invalid, the new filter BIO is freed and the
	function returns a NULL result indicating a failure. However, in this case,
	the BIO chain is not properly cleaned up and the BIO passed by the caller
	still retains internal pointers to the previously freed filter BIO.</p>
	<h2>Double free after calling PEM_read_bio_ex (CVE-2022-4450)</h2>
	<p>The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
	decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
	data.  If the function succeeds then the "name_out", "header" and "data"
	arguments are populated with pointers to buffers containing the relevant
	decoded data. The caller is responsible for freeing those buffers. It is
	possible to construct a PEM file that results in 0 bytes of payload data. In
	this case PEM_read_bio_ex() will return a failure code but will populate the
	header argument with a pointer to a buffer that has already been freed.</p>
	<h1>Impact:</h1>
	<h2>X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)</h2>
	<p>When CRL checking is enabled (i.e. the application sets the
	X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
	arbitrary pointers to a memcmp call, enabling them to read memory contents or
	enact a denial of service. In most cases, the attack requires the attacker to
	provide both the certificate chain and CRL, neither of which need to have a
	valid signature. If the attacker only controls one of these inputs, the other
	input must already contain an X.400 address as a CRL distribution point, which
	is uncommon. As such, this vulnerability is most likely to only affect
	applications which have implemented their own functionality for retrieving CRLs
	over a network.</p>
	<h2>Timing Oracle in RSA Decryption (CVE-2022-4304)</h2>
	<p>A timing based side channel exists in the OpenSSL RSA Decryption implementation
	which could be sufficient to recover a plaintext across a network in a
	Bleichenbacher style attack. To achieve a successful decryption an attacker
	would have to be able to send a very large number of trial messages for
	decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
	RSA-OEAP and RSASVE.</p>
	<h2>Use-after-free following BIO_new_NDEF (CVE-2023-0215)</h2>
	<p>A use-after-free will occur under certain conditions. This will most likely
	result in a crash.</p>
	<h2>Double free after calling PEM_read_bio_ex (CVE-2022-4450)</h2>
	<p>A double free may occur. This will most likely lead to a crash. This could be
	exploited by an attacker who has the ability to supply malicious PEM files
	for parsing to achieve a denial of service attack.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0286</cvename>
      <cvename>CVE-2023-0215</cvename>
      <cvename>CVE-2022-4450</cvename>
      <cvename>CVE-2022-4304</cvename>
      <freebsdsa>SA-23:03.openssl</freebsdsa>
    </references>
    <dates>
      <discovery>2023-02-16</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="09b7cd39-47bd-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- OpenSSH pre-authentication double free</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>12.4</ge><lt>12.4_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>A flaw in the backwards-compatibility key exchange route allows a
	pointer to be freed twice.</p>
	<h1>Impact:</h1>
	<p>A remote, unauthenticated attacker may be able to cause a denial of
	service, or possibly remote code execution.</p>
	<p>Note that FreeBSD 12.3 and FreeBSD 13.1 include older versions of
	OpenSSH, and are not affected.  FreeBSD 13.2-BETA1 and later include the
	fix.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-25136</cvename>
      <freebsdsa>SA-23:02.openssh</freebsdsa>
    </references>
    <dates>
      <discovery>2023-02-16</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="3fcab88b-47bc-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- GELI silently omits the keyfile if read from stdin</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.1</ge><lt>13.1_6</lt></range>
	<range><ge>12.4</ge><lt>12.4_1</lt></range>
	<range><ge>12.3</ge><lt>12.3_11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>When GELI reads a key file from a standard input, it doesn't store it
	anywhere.  If the user tries to initialize multiple providers at once,
	for the second and subsequent devices the standard input stream will be
	already empty.  In this case, GELI silently uses a NULL key as the user
	key file.  If the user used only a key file without a user passphrase,
	the master key was encrypted with an empty key file.  This might not be
	noticed if the devices were also decrypted in a batch operation.</p>
	<h1>Impact:</h1>
	<p>Some GELI providers might be silently encrypted with a NULL key
	file.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0751</cvename>
      <freebsdsa>SA-23:01.geli</freebsdsa>
    </references>
    <dates>
      <discovery>2023-02-08</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="a005aea9-47bb-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- Stack overflow in ping(8)</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.1</ge><lt>13.1_5</lt></range>
	<range><ge>12.3</ge><lt>12.3_10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>ping reads raw IP packets from the network to process responses in
	the pr_pack() function.  As part of processing a response ping has to
	reconstruct the IP header, the ICMP header and if present a "quoted
	packet," which represents the packet that generated an ICMP error.
	The quoted packet again has an IP header and an ICMP header.</p>
	<p>The pr_pack() copies received IP and ICMP headers into stack buffers
	for further processing.  In so doing, it fails to take into account the
	possible presence of IP option headers following the IP header in either
	the response or the quoted packet.  When IP options are present,
	pr_pack() overflows the destination buffer by up to 40 bytes.</p>
	<h1>Impact:</h1>
	<p>The memory safety bugs described above can be triggered by a remote
	host, causing the ping program to crash.</p>
	<p>The ping process runs in a capability mode sandbox on all affected
	versions of FreeBSD and is thus very constrained in how it can interact
	with the rest of the system at the point where the bug can occur.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23093</cvename>
      <freebsdsa>SA-22:15.ping</freebsdsa>
    </references>
    <dates>
      <discovery>2022-11-29</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="97c1b0f7-47b9-11ee-8e38-002590c1f29c">
    <topic>FreeBSD -- Multiple vulnerabilities in Heimdal</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.1</ge><lt>13.1_4</lt></range>
	<range><ge>12.3</ge><lt>12.3_9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Multiple security vulnerabilities have been discovered in the Heimdal
	implementation of the Kerberos 5 network authentication
	protocols and KDC.</p>
	<ul>
	  <li>CVE-2022-42898 PAC parse integer overflows</li>
	  <li>CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour</li>
	  <li>CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors</li>
	  <li>CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec</li>
	  <li>CVE-2019-14870 Validate client attributes in protocol-transition</li>
	  <li>CVE-2019-14870 Apply forwardable policy in protocol-transition</li>
	  <li>CVE-2019-14870 Always lookup impersonate client in DB</li>
	</ul>
	<h1>Impact:</h1>
	<p>A malicious actor with control of the network between a client and a
	service using Kerberos for authentication can impersonate either the
	client or the service, enabling a man-in-the-middle (MITM) attack
	circumventing mutual authentication.</p>
	<p>Note that, while CVE-2022-44640 is a severe vulnerability, possibly
	enabling remote code execution on other platforms, the version of
	Heimdal included with the FreeBSD base system cannot be exploited in
	this way on FreeBSD.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-14870</cvename>
      <cvename>CVE-2021-44758</cvename>
      <cvename>CVE-2022-3437</cvename>
      <cvename>CVE-2022-42898</cvename>
      <cvename>CVE-2022-44640</cvename>
      <freebsdsa>SA-22:14.heimdal</freebsdsa>
    </references>
    <dates>
      <discovery>2022-11-15</discovery>
      <entry>2023-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="22fffa69-46fa-11ee-8290-a8a1599412c6">
    <topic>chromium -- use after free in MediaStream</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>116.0.5845.140</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>116.0.5845.140</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html">
	 <p>This update includes 1 security fix:</p>
	 <ul>
	    <li>[1472492] High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn(@_fwnfwn) on 2023-08-12</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4472</cvename>
      <url>https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html</url>
    </references>
    <dates>
      <discovery>2023-08-29</discovery>
      <entry>2023-08-30</entry>
    </dates>
  </vuln>

  <vuln vid="36a37c92-44b1-11ee-b091-6162c1274384">
    <topic>gitea -- information disclosure</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.20.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/25097">
	  <p>Fix API leaking Usermail if not logged in</p>
	  <p>The API should only return the real Mail of a User, if the
	    caller is logged in. The check do to this don't work. This PR
	    fixes this. This not really a security issue, but can lead to
	    Spam.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.com/release-of-1.20.3</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.20.3</url>
    </references>
    <dates>
      <discovery>2023-06-06</discovery>
      <entry>2023-08-27</entry>
    </dates>
  </vuln>

  <vuln vid="5fa332b9-4269-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>116.0.5845.110</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>116.0.5845.110</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html">
	 <p>This update includes 5 security fixes:</p>
	 <ul>
	    <li>[1469542] High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02</li>
	    <li>[1469754] High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03</li>
	    <li>[1470477] High CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills) on 2023-08-06</li>
	    <li>[1470668] High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-08-07</li>
	    <li>[1469348] Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher on 2023-08-01</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4430</cvename>
      <cvename>CVE-2023-4429</cvename>
      <cvename>CVE-2023-4428</cvename>
      <cvename>CVE-2023-4427</cvename>
      <cvename>CVE-2023-4431</cvename>
      <url>https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html</url>
    </references>
    <dates>
      <discovery>2023-08-22</discovery>
      <entry>2023-08-24</entry>
    </dates>
  </vuln>

  <vuln vid="5999fc39-72d0-4b99-851c-ade7ff7125c3">
    <topic>electron25 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron25</name>
	<range><lt>25.7.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v25.7.0">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-4071.</li>
	    <li>Security: backported fix for CVE-2023-4070.</li>
	    <li>Security: backported fix for CVE-2023-4075.</li>
	    <li>Security: backported fix for CVE-2023-4076.</li>
	    <li>Security: backported fix for CVE-2023-4074.</li>
	    <li>Security: backported fix for CVE-2023-4072.</li>
	    <li>Security: backported fix for CVE-2023-4068.</li>
	    <li>Security: backported fix for CVE-2023-4073.</li>
	    <li>Security: backported fix for CVE-2023-4355.</li>
	    <li>Security: backported fix for CVE-2023-4354.</li>
	    <li>Security: backported fix for CVE-2023-4353.</li>
	    <li>Security: backported fix for CVE-2023-4351.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4071</cvename>
      <url>https://github.com/advisories/GHSA-qc3g-vp59-7vwh</url>
      <cvename>CVE-2023-4070</cvename>
      <url>https://github.com/advisories/GHSA-9xxv-mx64-rx27</url>
      <cvename>CVE-2023-4075</cvename>
      <url>https://github.com/advisories/GHSA-7332-j628-x48x</url>
      <cvename>CVE-2023-4076</cvename>
      <url>https://github.com/advisories/GHSA-7rfc-cwhj-x2qv</url>
      <cvename>CVE-2023-4074</cvename>
      <url>https://github.com/advisories/GHSA-6j3m-7hm6-qjrx</url>
      <cvename>CVE-2023-4072</cvename>
      <url>https://github.com/advisories/GHSA-9j4r-qr47-rcxp</url>
      <cvename>CVE-2023-4068</cvename>
      <url>https://github.com/advisories/GHSA-wh89-h5f7-hhcr</url>
      <cvename>CVE-2023-4073</cvename>
      <url>https://github.com/advisories/GHSA-g9wf-6ppg-937x</url>
      <cvename>CVE-2023-4355</cvename>
      <url>https://github.com/advisories/GHSA-xrw8-8992-37w4</url>
      <cvename>CVE-2023-4354</cvename>
      <url>https://github.com/advisories/GHSA-rq4v-7hxq-wpm5</url>
      <cvename>CVE-2023-4353</cvename>
      <url>https://github.com/advisories/GHSA-mjq9-8vf6-qh49</url>
      <cvename>CVE-2023-4351</cvename>
      <url>https://github.com/advisories/GHSA-mh2g-52mr-mr5v</url>
    </references>
    <dates>
      <discovery>2023-08-23</discovery>
      <entry>2023-08-24</entry>
    </dates>
  </vuln>

  <vuln vid="99bc2966-55be-4411-825f-b04017a4c100">
    <topic>electron{22,24} -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron22</name>
	<range><lt>22.3.22</lt></range>
      </package>
      <package>
	<name>electron24</name>
	<range><lt>24.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v22.3.22">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-4355.</li>
	    <li>Security: backported fix for CVE-2023-4354.</li>
	    <li>Security: backported fix for CVE-2023-4353.</li>
	    <li>Security: backported fix for CVE-2023-4352.</li>
	    <li>Security: backported fix for CVE-2023-4351.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4355</cvename>
      <url>https://github.com/advisories/GHSA-xrw8-8992-37w4</url>
      <cvename>CVE-2023-4354</cvename>
      <url>https://github.com/advisories/GHSA-rq4v-7hxq-wpm5</url>
      <cvename>CVE-2023-4353</cvename>
      <url>https://github.com/advisories/GHSA-mjq9-8vf6-qh49</url>
      <cvename>CVE-2023-4352</cvename>
      <url>https://github.com/advisories/GHSA-vp8r-986v-6qj4</url>
      <cvename>CVE-2023-4351</cvename>
      <url>https://github.com/advisories/GHSA-mh2g-52mr-mr5v</url>
    </references>
    <dates>
      <discovery>2023-08-23</discovery>
      <entry>2023-08-24</entry>
    </dates>
  </vuln>

  <vuln vid="ddd3fcc9-2bdd-11ee-9af4-589cfc0f81b0">
    <topic>phpmyfaq -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpmyfaq-php80</name>
	<name>phpmyfaq-php81</name>
	<name>phpmyfaq-php82</name>
	<name>phpmyfaq-php83</name>
	<range><lt>3.1.16</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2023-07-16">
	  <p>Cross Site Scripting vulnerability</p>
	  <p>CSV injection vulnerability</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea/</url>
      <url>https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189/</url>
    </references>
    <dates>
      <discovery>2023-07-16</discovery>
      <entry>2023-08-23</entry>
    </dates>
  </vuln>

  <vuln vid="5666688f-803b-4cf0-9cb1-08c088f2225a">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>116.0.5845.96</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>116.0.5845.96</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html">
	 <p>This update includes 26 security fixes:</p>
	 <ul>
	    <li>[1448548] High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24</li>
	    <li>[1458303] High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang (@Krace) of VRI on 2023-06-27</li>
	    <li>[1454817] High CVE-2023-4350: Inappropriate implementation in Fullscreen. Reported by Khiem Tran (@duckhiem) on 2023-06-14</li>
	    <li>[1465833] High CVE-2023-4351: Use after free in Network. Reported by Guang and Weipeng Jiang of VRI on 2023-07-18</li>
	    <li>[1452076] High CVE-2023-4352: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-06-07</li>
	    <li>[1458046] High CVE-2023-4353: Heap buffer overflow in ANGLE. Reported by Christoph Diehl / Microsoft Vulnerability Research on 2023-06-27</li>
	    <li>[1464215] High CVE-2023-4354: Heap buffer overflow in Skia. Reported by Mark Brand of Google Project Zero on 2023-07-12</li>
	    <li>[1468943] High CVE-2023-4355: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-07-31</li>
	    <li>[1449929] Medium CVE-2023-4356: Use after free in Audio. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-05-30</li>
	    <li>[1458911] Medium CVE-2023-4357: Insufficient validation of untrusted input in XML. Reported by Igor Sak-Sakovskii on 2023-06-28</li>
	    <li>[1466415] Medium CVE-2023-4358: Use after free in DNS. Reported by Weipeng Jiang (@Krace) of VRI on 2023-07-20</li>
	    <li>[1443722] Medium CVE-2023-4359: Inappropriate implementation in App Launcher. Reported by @retsew0x01 on 2023-05-09</li>
	    <li>[1462723] Medium CVE-2023-4360: Inappropriate implementation in Color. Reported by Axel Chong on 2023-07-07</li>
	    <li>[1465230] Medium CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita on 2023-07-17</li>
	    <li>[1316379] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL. Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14</li>
	    <li>[1367085] Medium CVE-2023-4363: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2022-09-23</li>
	    <li>[1406922] Medium CVE-2023-4364: Inappropriate implementation in Permission Prompts. Reported by Jasper Rebane on 2023-01-13</li>
	    <li>[1431043] Medium CVE-2023-4365: Inappropriate implementation in Fullscreen. Reported by Hafiizh on 2023-04-06</li>
	    <li>[1450784] Medium CVE-2023-4366: Use after free in Extensions. Reported by asnine on 2023-06-02</li>
	    <li>[1467743] Medium CVE-2023-4367: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26</li>
	    <li>[1467751] Medium CVE-2023-4368: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2312</cvename>
      <cvename>CVE-2023-4349</cvename>
      <cvename>CVE-2023-4350</cvename>
      <cvename>CVE-2023-4351</cvename>
      <cvename>CVE-2023-4352</cvename>
      <cvename>CVE-2023-4353</cvename>
      <cvename>CVE-2023-4354</cvename>
      <cvename>CVE-2023-4355</cvename>
      <cvename>CVE-2023-4356</cvename>
      <cvename>CVE-2023-4357</cvename>
      <cvename>CVE-2023-4358</cvename>
      <cvename>CVE-2023-4359</cvename>
      <cvename>CVE-2023-4360</cvename>
      <cvename>CVE-2023-4361</cvename>
      <cvename>CVE-2023-4362</cvename>
      <cvename>CVE-2023-4363</cvename>
      <cvename>CVE-2023-4364</cvename>
      <cvename>CVE-2023-4365</cvename>
      <cvename>CVE-2023-4366</cvename>
      <cvename>CVE-2023-4367</cvename>
      <cvename>CVE-2023-4368</cvename>
      <url>https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html</url>
    </references>
    <dates>
      <discovery>2023-08-15</discovery>
      <entry>2023-08-17</entry>
    </dates>
  </vuln>

  <vuln vid="759a5599-3ce8-11ee-a0d1-84a93843eb75">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql-connector-c++</name>
	<range><lt>8.0.33</lt></range>
      </package>
      <package>
	<name>mysql-client57</name>
	<range><lt>5.7.43</lt></range>
      </package>
      <package>
	<name>mysql-server57</name>
	<range><lt>5.7.43</lt></range>
      </package>
      <package>
	<name>mysql-client80</name>
	<range><lt>8.0.34</lt></range>
      </package>
      <package>
	<name>mysql-server80</name>
	<range><lt>8.0.34</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html#AppendixMSQL">
	  <p>This Critical Patch Update contains 24 new security patches for Oracle
	    MySQL. 11 of these vulnerabilities may be remotely exploitable without
	    authentication, i.e., may be exploited over a network without requiring
	    user credentials.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-4899</cvename>
      <cvename>CVE-2023-0361</cvename>
      <cvename>CVE-2022-4899</cvename>
      <cvename>CVE-2022-4899</cvename>
      <cvename>CVE-2023-22053</cvename>
      <cvename>CVE-2023-22008</cvename>
      <cvename>CVE-2023-22046</cvename>
      <cvename>CVE-2023-22054</cvename>
      <cvename>CVE-2023-22056</cvename>
      <cvename>CVE-2023-21950</cvename>
      <cvename>CVE-2023-22007</cvename>
      <cvename>CVE-2023-22057</cvename>
      <cvename>CVE-2023-22033</cvename>
      <cvename>CVE-2023-22058</cvename>
      <cvename>CVE-2023-22005</cvename>
      <cvename>CVE-2023-22048</cvename>
      <cvename>CVE-2023-22038</cvename>
      <url>https://www.oracle.com/security-alerts/cpujul2023.html#AppendixMSQL</url>
    </references>
    <dates>
      <discovery>2023-07-18</discovery>
      <entry>2023-08-17</entry>
    </dates>
  </vuln>

  <vuln vid="8e561cfe-3c59-11ee-b32e-080027f5fec9">
    <topic>clamav -- Possible denial of service vulnerability in the AutoIt file parser</topic>
    <affects>
      <package>
	<name>clamav-lts</name>
	<range><lt>1.0.2,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The ClamAV project reports:</p>
	<blockquote cite="https://blog.clamav.net/2023/07/2023-08-16-releases.html">
	  <p>
	    There is a possible denial of service vulnerability in the
	    AutoIt file parser.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-20212</cvename>
      <url>https://blog.clamav.net/2023/07/2023-08-16-releases.html</url>
    </references>
    <dates>
      <discovery>2023-08-15</discovery>
      <entry>2023-08-16</entry>
    </dates>
  </vuln>

  <vuln vid="51a59f36-3c58-11ee-b32e-080027f5fec9">
    <topic>clamav -- Possible denial of service vulnerability in the HFS+ file parser</topic>
    <affects>
      <package>
	<name>clamav</name>
	<range><lt>1.1.1,1</lt></range>
      </package>
      <package>
	<name>clamav-lts</name>
	<range><lt>1.0.2,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Steve Smith reports:</p>
	<blockquote cite="https://blog.clamav.net/2023/07/2023-08-16-releases.html">
	  <p>
	    There is a possible denial of service vulnerability in the
	    HFS+ file parser.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-20197</cvename>
      <url>https://blog.clamav.net/2023/07/2023-08-16-releases.html</url>
    </references>
    <dates>
      <discovery>2023-08-15</discovery>
      <entry>2023-08-16</entry>
    </dates>
  </vuln>

  <vuln vid="a6986f0f-3ac0-11ee-9a88-206a8a720317">
    <topic>krb5 -- Double-free in KDC TGS processing</topic>
    <affects>
      <package>
	<name>krb5</name>
	<range><lt>1.21.1_1</lt></range>
      </package>
      <package>
	<name>krb5-121</name>
	<range><lt>1.21.1_1</lt></range>
      </package>
      <package>
	<name>krb5-devel</name>
	<range><lt>1.22.2023.08.07</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840">
	  <p>When issuing a ticket for a TGS renew or validate request, copy
	     only the server field from the outer part of the header ticket
	     to the new ticket.  Copying the whole structure causes the
	     enc_part pointer to be aliased to the header ticket until
	     krb5_encrypt_tkt_part() is called, resulting in a double-free
	     if handle_authdata() fails..</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-39975</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39975</url>
    </references>
    <dates>
      <discovery>2023-08-07</discovery>
      <entry>2023-08-14</entry>
    </dates>
  </vuln>

  <vuln vid="b1ac663f-3aa9-11ee-b887-b42e991fc52e">
    <topic>typo3 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>typo3-11-php80</name>
	<name>typo3-11-php81</name>
	<range><lt>11.5.30</lt></range>
      </package>
      <package>
	<name>typo3-12-php80</name>
	<name>typo3-12-php81</name>
	<range><lt>12.4.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>TYPO3 reports:</p>
	<blockquote cite="https://typo3.org/article/typo3-1211-11520-and-10433-security-releases-published">
	  <p>TYPO3-CORE-SA-2023-002: By-passing Cross-Site Scripting Protection in HTML Sanitizer</p>
	  <p>TYPO3-CORE-SA-2023-003: Information Disclosure due to Out-of-scope Site Resolution</p>
	  <p>TYPO3-CORE-SA-2023-004: Cross-Site Scripting in CKEditor4 WordCount Plugin</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-38500</cvename>
      <cvename>CVE-2023-38499</cvename>
      <cvename>CVE-2023-37905</cvename>
      <url>https://typo3.org/article/typo3-1244-and-11530-security-releases-published</url>
    </references>
    <dates>
      <discovery>2023-07-25</discovery>
      <entry>2023-08-14</entry>
    </dates>
  </vuln>

  <vuln vid="59a43a73-3786-11ee-94b4-6cc21735f730">
    <topic>postgresql-server -- MERGE fails to enforce UPDATE or SELECT row security policies</topic>
    <affects>
      <package>
	<name>postgresql-server</name>
	<range><lt>15.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL Project reports</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2023-39418/">
	  <p>
	    PostgreSQL 15 introduced the MERGE command, which fails to test
	    new rows against row security policies defined for UPDATE and
	    SELECT. If UPDATE and SELECT policies forbid some row that
	    INSERT policies do not forbid, a user could store such rows.
	    Subsequent consequences are application-dependent. This
	    affects only databases that have used CREATE POLICY to define
	    a row security policy.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-39418</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2023-39418/</url>
    </references>
    <dates>
      <discovery>2023-08-10</discovery>
      <entry>2023-08-10</entry>
    </dates>
  </vuln>

  <vuln vid="cfd2a634-3785-11ee-94b4-6cc21735f730">
    <topic>postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection</topic>
    <affects>
      <package>
	<name>postgresql-server</name>
	<range><lt>11.21</lt></range>
	<range><lt>12.16</lt></range>
	<range><lt>13.12</lt></range>
	<range><lt>14.9</lt></range>
	<range><lt>15.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL Project reports</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2023-39417/">
	  <p>
	    An extension script is vulnerable if it uses @extowner@,
	    @extschema@, or @extschema:...@ inside a quoting construct
	    (dollar quoting, '', or ""). No bundled extension is
	    vulnerable. Vulnerable uses do appear in a documentation
	    example and in non-bundled extensions. Hence, the attack
	    prerequisite is an administrator having installed files of a
	    vulnerable, trusted, non-bundled extension. Subject to that
	    prerequisite, this enables an attacker having database-level
	    CREATE privilege to execute arbitrary code as the bootstrap
	    superuser. PostgreSQL will block this attack in the core
	    server, so there's no need to modify individual extensions.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-39417</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2023-39417/</url>
    </references>
    <dates>
      <discovery>2023-08-10</discovery>
      <entry>2023-08-10</entry>
    </dates>
  </vuln>

  <vuln vid="f3a35fb8-2d70-47c9-a516-6aad7eb222b1">
    <topic>electron{22,23,24,25} -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron22</name>
	<range><lt>22.3.20</lt></range>
      </package>
      <package>
	<name>electron23</name>
	<range><lt>23.3.12</lt></range>
      </package>
      <package>
	<name>electron24</name>
	<range><lt>24.7.0</lt></range>
      </package>
      <package>
	<name>electron25</name>
	<range><lt>25.4.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v23.3.12">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-3732.</li>
	    <li>Security: backported fix for CVE-2023-3728.</li>
	    <li>Security: backported fix for CVE-2023-3730.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3732</cvename>
      <url>https://github.com/advisories/GHSA-6f46-9vvr-v3j5</url>
      <cvename>CVE-2023-3728</cvename>
      <url>https://github.com/advisories/GHSA-fxgf-5cm8-2f8q</url>
      <cvename>CVE-2023-3730</cvename>
      <url>https://github.com/advisories/GHSA-2gmm-4f9j-mw4p</url>
    </references>
    <dates>
      <discovery>2023-08-02</discovery>
      <entry>2023-08-07</entry>
      <modified>2023-08-11</modified>
    </dates>
  </vuln>

  <vuln vid="441e1e1a-27a5-11ee-a156-080027f5fec9">
    <topic>samba -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>samba416</name>
	<range><lt>4.16.11</lt></range>
      </package>
      <package>
	<name>samba413</name>
	<range><lt>4.13.17_6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Samba Team reports:</p>
	<blockquote cite="https://www.samba.org/samba/latest_news.html#4.18.5">
	  <dl>
	    <dt>CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion DoS Vulnerability</dt>
	    <dd>
	      When parsing Spotlight mdssvc RPC packets, one encoded
	      data structure is a key-value style dictionary where
	      keys are character strings and values can be any of
	      the supported types in the mdssvc protocol. Due to a
	      lack of type checking in callers of the function
	      dalloc_value_for_key(), which returns the object
	      associated with a key, a caller may trigger a crash in
	      talloc_get_size() when talloc detects that the passed in
	      pointer is not a valid talloc pointer. As RPC worker
	      processes are shared among multiple client connections,
	      a malicious client can crash the worker process
	      affecting all other clients that are also served by this
	      worker.
	    </dd>
	    <dt>CVE-2022-2127: Out-Of-Bounds read in winbind AUTH_CRAP</dt>
	    <dd>
	      When doing NTLM authentication, the client sends replies
	      to cryptographic challenges back to the server. These
	      replies have variable length. Winbind did not properly
	      bounds-check the lan manager response length, which
	      despite the lan manager version no longer being used is
	      still part of the protocol. If the system is running
	      Samba's ntlm_auth as authentication backend for services
	      like Squid (or a very unusual configuration with
	      FreeRADIUS), the vulnarebility is remotely exploitable.
	      If not so configured, or to exploit this vulnerability
	      locally, the user must have access to the privileged
	      winbindd UNIX domain socket (a subdirectory with name
	      'winbindd_privileged' under "state directory", as set in
	      the smb.conf). This access is normally only given so
	      special system services like Squid or FreeRADIUS, use
	      this feature.
	    </dd>
	    <dt>CVE-2023-34968: Spotlight server-side Share Path Disclosure</dt>
	    <dd>
	      As part of the Spotlight protocol, the initial request
	      returns a path associated with the sharename targeted by
	      the RPC request. Samba returns the real server-side
	      share path at this point, as well as returning the
	      absolute server-side path of results in search queries
	      by clients. Known server side paths could be used to
	      mount subsequent more serious security attacks or could
	      disclose confidential information that is part of the
	      path. To mitigate the issue, Samba will replace the
	      real server-side path with a fake path constructed from
	      the sharename.
	    </dd>
	    <dt>CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop DoS Vulnerability</dt>
	    <dd>
	      When parsing Spotlight mdssvc RPC packets sent by the
	      client, the core unmarshalling function sl_unpack_loop()
	      did not validate a field in the network packet that
	      contains the count of elements in an array-like
	      structure. By passing 0 as the count value, the attacked
	      function will run in an endless loop consuming 100% CPU.
	      This bug only affects servers where Spotlight is
	      explicitly enabled globally or on individual shares with
	      "spotlight = yes".
	    </dd>
	    <dt>CVE-2023-3347: SMB2 packet signing not enforced</dt>
	    <dd>
	      SMB2 packet signing is not enforced if an admin
	      configured "server signing = required" or for SMB2
	      connections to Domain Controllers where SMB2 packet
	      signing is mandatory. SMB2 packet signing is a
	      mechanism that ensures the integrity and authenticity of
	      data exchanged between a client and a server using the
	      SMB2 protocol. It provides protection against certain
	      types of attacks, such as man-in-the-middle attacks,
	      where an attacker intercepts network traffic and
	      modifies the SMB2 messages. Both client and server of
	      an SMB2 connection can require that signing is being
	      used. The server-side setting in Samba to configure
	      signing to be required is "server signing = required".
	      Note that on an Samba AD DCs this is also the default
	      for all SMB2 connections. Unless the client requires
	      signing which would result in signing being used on the
	      SMB2 connection, sensitive data might have been modified
	      by an attacker. Clients connecting to IPC$ on an AD DC
	      will require signed connections being used, so the
	      integrity of these connections was not affected.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-34967</cvename>
      <cvename>CVE-2022-2127</cvename>
      <cvename>CVE-2023-34968</cvename>
      <cvename>CVE-2023-34966</cvename>
      <cvename>CVE-2023-3347</cvename>
      <url>https://www.samba.org/samba/security/CVE-2023-34967.html</url>
      <url>https://www.samba.org/samba/security/CVE-2022-2127.html</url>
      <url>https://www.samba.org/samba/security/CVE-2023-34968.html</url>
      <url>https://www.samba.org/samba/security/CVE-2023-34966.html</url>
      <url>https://www.samba.org/samba/security/CVE-2023-3347.html</url>
    </references>
    <dates>
      <discovery>2023-07-19</discovery>
      <entry>2023-08-05</entry>
    </dates>
  </vuln>

  <vuln vid="6e4e8e87-9fb8-4e32-9f8e-9b4303f4bfd5">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>115.0.5790.170</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>115.0.5790.170</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html">
	 <p>This update includes 17 security fixes:</p>
	 <ul>
	    <li>[1466183] High CVE-2023-4068: Type Confusion in V8. Reported by Jerry on 2023-07-20</li>
	    <li>[1465326] High CVE-2023-4069: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-07-17</li>
	    <li>[1462951] High CVE-2023-4070: Type Confusion in V8. Reported by Jerry on 2023-07-07</li>
	    <li>[1458819] High CVE-2023-4071: Heap buffer overflow in Visuals. Reported by Guang and Weipeng Jiang of VRI on 2023-06-28</li>
	    <li>[1464038] High CVE-2023-4072: Out of bounds read and write in WebGL. Reported by Apple Security Engineering and Architecture (SEAR) on 2023-07-12</li>
	    <li>[1456243] High CVE-2023-4073: Out of bounds memory access in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-06-20</li>
	    <li>[1464113] High CVE-2023-4074: Use after free in Blink Task Scheduling. Reported by Anonymous on 2023-07-12</li>
	    <li>[1457757] High CVE-2023-4075: Use after free in Cast. Reported by Cassidy Kim(@cassidy6564) on 2023-06-25</li>
	    <li>[1459124] High CVE-2023-4076: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2023-06-29</li>
	    <li>[1451146] Medium CVE-2023-4077: Insufficient data validation in Extensions. Reported by Anonymous on 2023-06-04</li>
	    <li>[1461895] Medium CVE-2023-4078: Inappropriate implementation in Extensions. Reported by Anonymous on 2023-07-04</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-4068</cvename>
      <cvename>CVE-2023-4069</cvename>
      <cvename>CVE-2023-4070</cvename>
      <cvename>CVE-2023-4071</cvename>
      <cvename>CVE-2023-4072</cvename>
      <cvename>CVE-2023-4073</cvename>
      <cvename>CVE-2023-4074</cvename>
      <cvename>CVE-2023-4075</cvename>
      <cvename>CVE-2023-4076</cvename>
      <cvename>CVE-2023-4077</cvename>
      <cvename>CVE-2023-4078</cvename>
      <url>https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-08-02</discovery>
      <entry>2023-08-04</entry>
    </dates>
  </vuln>

  <vuln vid="78f2e491-312d-11ee-85f2-bd89b893fcb4">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go119</name>
	<range><lt>1.19.12</lt></range>
      </package>
      <package>
	<name>go120</name>
	<range><lt>1.20.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://groups.google.com/u/1/g/golang-announce/c/X0b6CsSAaYI">
	  <p>crypto/tls: restrict RSA keys in certificates to &lt;= 8192 bits</p>
	  <p>Extremely large RSA keys in certificate chains can cause
	  a client/server to expend significant CPU time verifying
	  signatures. Limit this by restricting the size of RSA keys
	  transmitted during handshakes to &lt;= 8192 bits. </p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/60374">
	  <p>net/http: insufficient sanitization of Host header</p>
	  <p>The HTTP/1 client did not fully validate the contents of
	   the Host header. A maliciously crafted Host header could
	   inject additional headers or entire requests. The HTTP/1
	   client now refuses to send requests containing an
	   invalid Request.Host or Request.URL.Host value.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/60167">
	  <p>cmd/go: cgo code injection</p>
	  <p>The go command may generate unexpected code at build
	   time when using cgo. This may result in unexpected
	   behavior when running a go program which uses cgo.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/60272">
	  <p>runtime: unexpected behavior of setuid/setgid binaries</p>
	  <p>The Go runtime didn't act any differently when a binary
	  had the setuid/setgid bit set. On Unix platforms, if a
	  setuid/setgid binary was executed with standard I/O file
	  descriptors closed, opening any files could result in
	  unexpected content being read/written with elevated
	  prilieges. Similarly if a setuid/setgid program was
	  terminated, either via panic or signal, it could leak the
	  contents of its registers.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/60305">
	  <p>cmd/go: improper sanitization of LDFLAGS</p>
	  <p>The go command may execute arbitrary code at build time
	  when using cgo. This may occur when running "go get" on a
	  malicious module, or when running any other command which
	  builds untrusted code. This is can by triggered by linker
	  flags, specified via a "#cgo LDFLAGS" directive.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/59720">
	  <p>html/template: improper sanitization of CSS values</p>
	  <p>
	    Angle brackets (&lt;&gt;) were not considered dangerous
	    characters when inserted into CSS contexts. Templates
	    containing multiple actions separated by a '/' character
	    could result in unexpectedly closing the CSS context and
	    allowing for injection of unexpected HMTL, if executed
	    with untrusted input.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/59721">
	  <p>html/template: improper handling of JavaScript whitespace</p>
	  <p>
	    Not all valid JavaScript whitespace characters were
	    considered to be whitespace. Templates containing
	    whitespace characters outside of the character set
	    "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that
	    also contain actions may not be properly sanitized
	    during execution.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/59722">
	  <p>html/template: improper handling of empty HTML attributes</p>
	  <p>
	    Templates containing actions in unquoted HTML attributes
	    (e.g. "attr={{.}}") executed with empty input could
	    result in output that would have unexpected results when
	    parsed due to HTML normalization rules. This may allow
	    injection of arbitrary attributes into tags.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-29406</cvename>
      <cvename>CVE-2023-29402</cvename>
      <cvename>CVE-2023-29403</cvename>
      <cvename>CVE-2023-29404</cvename>
      <cvename>CVE-2023-24539</cvename>
      <cvename>CVE-2023-24540</cvename>
      <cvename>CVE-2023-29400</cvename>
      <url>https://groups.google.com/u/1/g/golang-announce/c/X0b6CsSAaYI</url>
      <url>https://groups.google.com/u/1/g/golang-announce/c/2q13H6LEEx0</url>
      <url>https://groups.google.com/u/1/g/golang-announce/c/q5135a9d924</url>
      <url>https://groups.google.com/u/1/g/golang-announce/c/MEb0UyuSMsU</url>
    </references>
    <dates>
      <discovery>2023-04-27</discovery>
      <entry>2023-08-02</entry>
    </dates>
  </vuln>

  <vuln vid="fa239535-30f6-11ee-aef9-001b217b3468">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>16.2.0</ge><lt>16.2.2</lt></range>
	<range><ge>16.1.0</ge><lt>16.1.3</lt></range>
	<range><ge>9.3.0</ge><lt>16.0.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/">
	  <p>ReDoS via ProjectReferenceFilter in any Markdown fields</p>
	  <p>ReDoS via AutolinkFilter in any Markdown fields</p>
	  <p>Regex DoS in Harbor Registry search</p>
	  <p>Arbitrary read of files owned by the "git" user via malicious tar.gz file upload using GitLab export functionality</p>
	  <p>Stored XSS in Web IDE Beta via crafted URL</p>
	  <p>securityPolicyProjectAssign mutation does not authorize security policy project ID</p>
	  <p>An attacker can run pipeline jobs as arbitrary user</p>
	  <p>Possible Pages Unique Domain Overwrite</p>
	  <p>Access tokens may have been logged when a query was made to an endpoint</p>
	  <p>Reflected XSS via PlantUML diagram</p>
	  <p>The main branch of a repository with a specially designed name may allow an attacker to create repositories with malicious code</p>
	  <p>Invalid 'start_sha' value on merge requests page may lead to Denial of Service</p>
	  <p>Developers can create pipeline schedules on protected branches even if they don't have access to merge</p>
	  <p>Potential DOS due to lack of pagination while loading license data</p>
	  <p>Leaking emails of newly created users</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3994</cvename>
      <cvename>CVE-2023-3364</cvename>
      <cvename>CVE-2023-0632</cvename>
      <cvename>CVE-2023-3385</cvename>
      <cvename>CVE-2023-2164</cvename>
      <cvename>CVE-2023-4002</cvename>
      <cvename>CVE-2023-4008</cvename>
      <cvename>CVE-2023-3993</cvename>
      <cvename>CVE-2023-3500</cvename>
      <cvename>CVE-2023-3401</cvename>
      <cvename>CVE-2023-3900</cvename>
      <cvename>CVE-2023-2022</cvename>
      <cvename>CVE-2023-4011</cvename>
      <cvename>CVE-2023-1210</cvename>
      <url>https://about.gitlab.com/releases/2023/08/01/security-release-gitlab-16-2-2-released/</url>
    </references>
    <dates>
      <discovery>2023-08-01</discovery>
      <entry>2023-08-02</entry>
    </dates>
  </vuln>

  <vuln vid="bad6588e-2fe0-11ee-a0d1-84a93843eb75">
    <topic>OpenSSL -- Excessive time spent checking DH q parameter value</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1u_1,1</lt></range>
      </package>
      <package>
	<name>openssl30</name>
	<range><lt>3.0.9_2</lt></range>
      </package>
      <package>
	<name>openssl31</name>
	<range><lt>3.1.1_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20230731.txt">
	  <p>Checking excessively long DH keys or parameters may be very slow
	    (severity: Low).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3817</cvename>
      <url>https://www.openssl.org/news/secadv/20230731.txt</url>
    </references>
    <dates>
      <discovery>2023-07-31</discovery>
      <entry>2023-07-31</entry>
    </dates>
  </vuln>

  <vuln vid="a0321b74-031d-485c-bb76-edd75256a6f0">
    <topic>jenkins -- Stored XSS vulnerability</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.416</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.401.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2023-07-26/">
	  <h1>Description</h1>
	  <h5>(High) SECURITY-3188 / CVE-2023-39151</h5>
	  <p>Stored XSS vulnerability</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-39151</cvename>
      <url>https://www.jenkins.io/security/advisory/2023-07-26/</url>
    </references>
    <dates>
      <discovery>2023-07-26</discovery>
      <entry>2023-07-26</entry>
    </dates>
  </vuln>

  <vuln vid="ab0bab3c-2927-11ee-8608-07b8d3947721">
    <topic>gitea -- Disallow dangerous URL schemes</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.20.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/25960">
	  <p>Disallow javascript, vbscript and data (data uri images still
	    work) url schemes even if all other schemes are allowed</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.com/release-of-1.20.1</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.20.1</url>
    </references>
    <dates>
      <discovery>2023-06-18</discovery>
      <entry>2023-07-23</entry>
    </dates>
  </vuln>

  <vuln vid="887eb570-27d3-11ee-adba-c80aa9043978">
      <topic>OpenSSH -- remote code execution via a forwarded agent socket</topic>
    <affects>
      <package>
	<name>openssh-portable</name>
	<name>openssh-portable-hpn</name>
	<name>openssh-portable-gssapi</name>
	<range><lt>9.3.p2,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenSSH project reports:</p>
	<blockquote cite="https://www.openssh.com/txt/release-9.3p2">
	    <p>Fix CVE-2023-38408 - a condition where specific libaries loaded via
	    ssh-agent(1)'s PKCS#11 support could be abused to achieve remote
	    code execution via a forwarded agent socket if the following
	    conditions are met:

	    * Exploitation requires the presence of specific libraries on
      the victim system.
	    * Remote exploitation requires that the agent was forwarded
      to an attacker-controlled system.

	    Exploitation can also be prevented by starting ssh-agent(1) with an
	    empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring
	    an allowlist that contains only specific provider libraries.

	    This vulnerability was discovered and demonstrated to be exploitable
	    by the Qualys Security Advisory team.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-38408</cvename>
      <url>https://www.openssh.com/txt/release-9.3p2</url>
    </references>
    <dates>
      <discovery>2023-07-19</discovery>
      <entry>2023-07-21</entry>
    </dates>
  </vuln>

  <vuln vid="2f22927f-26ea-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>115.0.5790.98</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>115.0.5790.98</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html">
	 <p>This update includes 20 security fixes:</p>
	 <ul>
	    <li>[1454086] High CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-06-12</li>
	    <li>[1457421] High CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-06-23</li>
	    <li>[1453465] High CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel on 2023-06-09</li>
	    <li>[1450899] High CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-06-02</li>
	    <li>[1450203] Medium CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-31</li>
	    <li>[1450376] Medium CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita on 2023-06-01</li>
	    <li>[1394410] Medium CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry on 2022-11-29</li>
	    <li>[1434438] Medium CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2023-04-19</li>
	    <li>[1446754] Medium CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2023-05-19</li>
	    <li>[1434330] Medium CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh on 2023-04-18</li>
	    <li>[1405223] Low CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui on 2023-01-06</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3727</cvename>
      <cvename>CVE-2023-3728</cvename>
      <cvename>CVE-2023-3730</cvename>
      <cvename>CVE-2023-3732</cvename>
      <cvename>CVE-2023-3733</cvename>
      <cvename>CVE-2023-3734</cvename>
      <cvename>CVE-2023-3735</cvename>
      <cvename>CVE-2023-3736</cvename>
      <cvename>CVE-2023-3737</cvename>
      <cvename>CVE-2023-3738</cvename>
      <cvename>CVE-2023-3740</cvename>
      <url>https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-07-19</discovery>
      <entry>2023-07-20</entry>
    </dates>
  </vuln>

  <vuln vid="f32b1fbd-264d-11ee-a468-80fa5b29d485">
    <topic>virtualbox-ose -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>virtualbox-ose</name>
	<range><lt>6.1.46</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>secalert_us@oracle.com reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html">
	  <p>Vulnerability in the Oracle VM VirtualBox product of Oracle
	Virtualization (component: Core).  Supported versions that are
	affected are Prior to 6.1.46 and Prior to 7.0.10.  Easily exploitable
	vulnerability allows high privileged attacker with logon to the
	infrastructure where Oracle VM VirtualBox executes to compromise
	Oracle VM VirtualBox.  Successful attacks require human interaction
	from a person other than the attacker.  Successful attacks of this
	vulnerability can result in unauthorized ability to cause a hang
	or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.
	CVSS 3.1 Base Score 4.2 (Availability impacts).  CVSS Vector:
	(CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22016</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22016</url>
    </references>
    <dates>
      <discovery>2023-07-18</discovery>
      <entry>2023-07-19</entry>
    </dates>
  </vuln>

  <vuln vid="cf40e8b7-264d-11ee-a468-80fa5b29d485">
    <topic>virtualbox-ose -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>virtualbox-ose</name>
	<range><lt>6.1.46</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>secalert_us@oracle.com reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html">
	  <p>Vulnerability in the Oracle VM VirtualBox product of Oracle
	Virtualization (component: Core).  Supported versions that are
	affected are Prior to 6.1.46 and Prior to 7.0.10.  Easily exploitable
	vulnerability allows low privileged attacker with logon to the
	infrastructure where Oracle VM VirtualBox executes to compromise
	Oracle VM VirtualBox.  Successful attacks of this vulnerability can
	result in unauthorized ability to cause a hang or frequently
	repeatable crash (complete DOS) of Oracle VM VirtualBox.  Note:
	This vulnerability applies to Windows VMs only.  CVSS 3.1 Base Score
	5.5 (Availability impacts).  CVSS Vector:
	(CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22017</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22017</url>
    </references>
    <dates>
      <discovery>2023-07-18</discovery>
      <entry>2023-07-19</entry>
    </dates>
  </vuln>

  <vuln vid="bc90e894-264b-11ee-a468-80fa5b29d485">
    <topic>virtualbox-ose -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>virtualbox-ose</name>
	<range><lt>6.1.46</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>secalert_us@oracle.com reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujul2023.html">
	  <p>Vulnerability in the Oracle VM VirtualBox product of Oracle
	Virtualization (component: Core).  Supported versions that are
	affected are Prior to 6.1.46 and Prior to 7.0.10.  Difficult to
	exploit vulnerability allows unauthenticated attacker with network
	access via RDP to compromise Oracle VM VirtualBox.  Successful
	attacks of this vulnerability can result in takeover of Oracle VM
	VirtualBox.  CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity
	and Availability impacts).  CVSS Vector:
	(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22018</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22018</url>
    </references>
    <dates>
      <discovery>2023-07-18</discovery>
      <entry>2023-07-19</entry>
    </dates>
  </vuln>

  <vuln vid="c70c3dc3-258c-11ee-b37b-901b0e9408dc">
    <topic>element-web -- Cross site scripting in Export Chat feature</topic>
    <affects>
      <package>
	<name>element-web</name>
	<range><lt>1.11.36</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix Developers reports:</p>
	<blockquote cite="https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-c9vx-2g7w-rp65">
	  <p>The Export Chat feature includes certain attacker-controlled elements in the
	  generated document without sufficient escaping, leading to stored XSS.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-37259</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-37259</url>
    </references>
    <dates>
      <discovery>2023-07-18</discovery>
      <entry>2023-07-18</entry>
    </dates>
  </vuln>

  <vuln vid="b3f77aae-241c-11ee-9684-c11c23f7b0f9">
    <topic>gitea -- multiple issues</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.20.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22759">
	  <p>Test if container blob is accessible before mounting.</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22175">
	  <p>Set type="password" on all auth_token fields</p>
	  <p>Seen when migrating from other hosting platforms.</p>
	  <p>Prevents exposing the token to screen capture/cameras/eyeballs.</p>
	  <p>Prevents the browser from saving the value in its autocomplete
	    dictionary, which often is not secure.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.com/release-of-1.20.0</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.20.0</url>
    </references>
    <dates>
      <discovery>2023-06-08</discovery>
      <entry>2023-07-05</entry>
    </dates>
  </vuln>

  <vuln vid="41c60e16-2405-11ee-a0d1-84a93843eb75">
    <topic>OpenSSL -- AES-SIV implementation ignores empty associated data entries</topic>
    <affects>
      <package>
	<name>openssl30</name>
	<range><lt>3.0.9_1</lt></range>
      </package>
      <package>
	<name>openssl31</name>
	<range><lt>3.1.1_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20230714.txt">
	  <p>The AES-SIV cipher implementation contains a bug that causes
	    it to ignore empty associated data entries which are unauthenticated as
	    a consequence.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2975</cvename>
      <url>https://www.openssl.org/news/secadv/20230714.txt</url>
    </references>
    <dates>
      <discovery>2023-07-14</discovery>
      <entry>2023-07-16</entry>
    </dates>
  </vuln>

  <vuln vid="3446e45d-a51b-486f-9b0e-e4402d91fed6">
    <topic>electron22 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron22</name>
	<range><lt>22.3.17</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v22.3.17">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-3422.</li>
	    <li>Security: backported fix for CVE-2023-3421.</li>
	    <li>Security: backported fix for CVE-2023-3420.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3422</cvename>
      <url>https://github.com/advisories/GHSA-gqjh-f545-vcx3</url>
      <cvename>CVE-2023-3421</cvename>
      <url>https://github.com/advisories/GHSA-943x-93ff-jr62</url>
      <cvename>CVE-2023-3420</cvename>
      <url>https://github.com/advisories/GHSA-4297-fx5c-x987</url>
    </references>
    <dates>
      <discovery>2023-07-12</discovery>
      <entry>2023-07-14</entry>
    </dates>
  </vuln>

  <vuln vid="b67d768c-1f53-11ee-82ed-4ccc6adda413">
    <topic>librecad -- out-of-bounds read in importshp plugin</topic>
    <affects>
      <package>
	<name>librecad</name>
	<range><lt>2.2.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Albin Eldstål-Ahrens reports:</p>
	<blockquote cite="https://github.com/LibreCAD/LibreCAD/issues/1481">
	  <p>An out-of-bounds read on a heap buffer in the importshp plugin may
      allow an attacker to read sensitive data via a crafted DBF file.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-30259</cvename>
      <url>https://github.com/LibreCAD/LibreCAD/issues/1481</url>
    </references>
    <dates>
      <discovery>2021-12-28</discovery>
      <entry>2023-07-10</entry>
    </dates>
  </vuln>

  <vuln vid="6fae2d6c-1f38-11ee-a475-080027f5fec9">
    <topic>redis -- heap overflow in COMMAND GETKEYS and ACL evaluation</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.0.12</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.0.12.20230710</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redis core team reports:</p>
	<blockquote cite="https://groups.google.com/g/redis-db/c/JDjKS0GubsQ">
	  <p>
	    Extracting key names from a command and a list of
	    arguments may, in some cases, trigger a heap overflow and
	    result in reading random heap memory, heap corruption and
	    potentially remote code execution. Specifically: using
	    COMMAND GETKEYS* and validation of key names in ACL rules.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-36824</cvename>
      <url>https://groups.google.com/g/redis-db/c/JDjKS0GubsQ</url>
      <url>https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3</url>
    </references>
    <dates>
      <discovery>2023-07-10</discovery>
      <entry>2023-07-10</entry>
    </dates>
  </vuln>

  <vuln vid="0e254b4a-1f37-11ee-a475-080027f5fec9">
    <topic>redis -- Heap overflow in the cjson and cmsgpack libraries</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.0.12</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.0.12.20230710</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><lt>6.2.13</lt></range>
      </package>
      <package>
	<name>redis60</name>
	<range><lt>6.0.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redis core team reports:</p>
	<blockquote cite="https://groups.google.com/g/redis-db/c/JDjKS0GubsQ">
	  <p>
	     A specially crafted Lua script executing in Redis can
	     trigger a heap overflow in the cjson and cmsgpack
	     libraries, and result in heap corruption and potentially
	     remote code execution.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24834</cvename>
      <url>https://groups.google.com/g/redis-db/c/JDjKS0GubsQ</url>
    </references>
    <dates>
      <discovery>2023-07-10</discovery>
      <entry>2023-07-10</entry>
    </dates>
  </vuln>

  <vuln vid="8ea24413-1b15-11ee-9331-570525adb7f1">
    <topic>gitea -- avoid open HTTP redirects</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.19.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/25143">
	  <p>If redirect_to parameter has set value starting with
	    \\example.com redirect will be created with header Location:
	    /\\example.com that will redirect to example.com domain.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.io/2023/07/gitea-1.19.4-is-released/</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.19.4</url>
    </references>
    <dates>
      <discovery>2023-06-08</discovery>
      <entry>2023-07-05</entry>
    </dates>
  </vuln>

  <vuln vid="d1681df3-421e-4a63-95b4-a3d6e29d395d">
    <topic>electron{23,24} -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron23</name>
	<range><lt>23.3.10</lt></range>
      </package>
      <package>
	<name>electron24</name>
	<range><lt>24.6.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v23.3.10">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-3422.</li>
	    <li>Security: backported fix for CVE-2023-3421.</li>
	    <li>Security: backported fix for CVE-2023-3420.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3422</cvename>
      <url>https://github.com/advisories/GHSA-gqjh-f545-vcx3</url>
      <cvename>CVE-2023-3421</cvename>
      <url>https://github.com/advisories/GHSA-943x-93ff-jr62</url>
      <cvename>CVE-2023-3420</cvename>
      <url>https://github.com/advisories/GHSA-4297-fx5c-x987</url>
    </references>
    <dates>
      <discovery>2023-07-05</discovery>
      <entry>2023-07-06</entry>
    </dates>
  </vuln>

  <vuln vid="d8972bcd-1b64-11ee-9cd6-001b217b3468">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>16.1.0</ge><lt>16.1.2</lt></range>
	<range><ge>16.0.0</ge><lt>16.0.7</lt></range>
	<range><ge>15.11.0</ge><lt>15.11.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/07/05/security-release-gitlab-16-1-2-released/">
	  <p>A user can change the name and path of some public GitLab groups</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3484</cvename>
      <url>https://about.gitlab.com/releases/2023/07/05/security-release-gitlab-16-1-2-released/</url>
    </references>
    <dates>
      <discovery>2023-07-05</discovery>
      <entry>2023-07-05</entry>
    </dates>
  </vuln>

  <vuln vid="01eeea33-1afa-11ee-8a9b-b42e991fc52e">
    <topic>phpldapadmin -- XSS vulnerability</topic>
    <affects>
      <package>
	<name>phpldapadmin-php80</name>
	<name>phpldapadmin-php81</name>
	<range><lt>1.2.6.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474">
	  <p>An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2
	that allows users to store malicious values that may be executed
	by other users at a later time via get_request in lib/function.php.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-35132</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-35132</url>
    </references>
    <dates>
      <discovery>2020-12-11</discovery>
      <entry>2023-07-05</entry>
    </dates>
  </vuln>

  <vuln vid="4ee7fa77-19a6-11ee-8a05-080027eda32c">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<name>py311-django32</name>
	<range><lt>3.2.20</lt></range>
      </package>
      <package>
	<name>py38-django41</name>
	<name>py39-django41</name>
	<name>py310-django41</name>
	<name>py311-django41</name>
	<range><lt>4.1.10</lt></range>
      </package>
      <package>
	<name>py38-django42</name>
	<name>py39-django42</name>
	<name>py310-django42</name>
	<name>py311-django42</name>
	<range><lt>4.2.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2023/jul/03/security-releases/">
	  <p>CVE-2023-36053: Potential regular expression denial of service
	    vulnerability in EmailValidator/URLValidator.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-36053</cvename>
      <url>https://www.djangoproject.com/weblog/2023/jul/03/security-releases/</url>
    </references>
    <dates>
      <discovery>2023-07-01</discovery>
      <entry>2023-07-03</entry>
    </dates>
  </vuln>

  <vuln vid="95dad123-180e-11ee-86ba-080027eda32c">
    <topic>mediawiki -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mediawiki135</name>
	<range><lt>1.35.11</lt></range>
      </package>
      <package>
	<name>mediawiki138</name>
	<range><lt>1.38.7</lt></range>
      </package>
      <package>
	<name>mediawiki139</name>
	<range><lt>1.39.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mediawiki reports:</p>
	<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/HVT3U3XYY35PSCIQPHMY4VQNF3Q6MHUO/">
	  <p>(T335203, CVE-2023-29197) Upgrade guzzlehttp/psr7 to >= 1.9.1/2.4.5.</p>
	  <p>(T335612, CVE-2023-36674) Manualthumb bypasses badFile lookup.</p>
	  <p>(T332889, CVE-2023-36675) XSS in BlockLogFormatter due to unsafe message
	    use.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-29197</cvename>
      <cvename>CVE-2023-36674</cvename>
      <cvename>CVE-2023-36675</cvename>
      <url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/HVT3U3XYY35PSCIQPHMY4VQNF3Q6MHUO/</url>
    </references>
    <dates>
      <discovery>2023-04-21</discovery>
      <entry>2023-07-01</entry>
    </dates>
  </vuln>

  <vuln vid="3117e6cd-1772-11ee-9cd6-001b217b3468">
    <topic>Gitlab -- Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>16.1.0</ge><lt>16.1.1</lt></range>
	<range><ge>16.0.0</ge><lt>16.0.6</lt></range>
	<range><ge>15.11.0</ge><lt>15.11.10</lt></range>
	<range><ge>7.14.0</ge><lt>15.10.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/06/29/security-release-gitlab-16-1-1-released/">
	  <p>ReDoS via EpicReferenceFilter in any Markdown fields</p>
	  <p>New commits to private projects visible in forks created while project was public</p>
	  <p>New commits to private projects visible in forks created while project was public</p>
	  <p>Maintainer can leak masked webhook secrets by manipulating URL masking</p>
	  <p>Information disclosure of project import errors</p>
	  <p>Sensitive information disclosure via value stream analytics controller</p>
	  <p>Bypassing Code Owners branch protection rule in GitLab</p>
	  <p>HTML injection in email address</p>
	  <p>Webhook token leaked in Sidekiq logs if log format is 'default'</p>
	  <p>Private email address of service desk issue creator disclosed via issues API</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3424</cvename>
      <cvename>CVE-2023-2190</cvename>
      <cvename>CVE-2023-3444</cvename>
      <cvename>CVE-2023-2620</cvename>
      <cvename>CVE-2023-3362</cvename>
      <cvename>CVE-2023-3102</cvename>
      <cvename>CVE-2023-2576</cvename>
      <cvename>CVE-2023-2200</cvename>
      <cvename>CVE-2023-3363</cvename>
      <cvename>CVE-2023-1936</cvename>
      <url>https://about.gitlab.com/releases/2023/06/29/security-release-gitlab-16-1-1-released/</url>
    </references>
    <dates>
      <discovery>2023-06-29</discovery>
      <entry>2023-06-30</entry>
    </dates>
  </vuln>

  <vuln vid="d821956f-1753-11ee-ad66-1c61b4739ac9">
    <topic>SoftEtherVPN -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>softether</name>
	<range><lt>4.42.9798</lt></range>
      </package>
      <package>
	<name>softether-devel</name>
	<range><lt>4.42.9798</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Daiyuu Nobori reports:</p>
	<blockquote cite="https://www.softether.org/9-about/News/904-SEVPN202301">
	  <p>The SoftEther VPN project received a high level code review and technical assistance from Cisco Systems, Inc. of the United States from April to June 2023 to fix several vulnerabilities in the SoftEther VPN code.</p>
	  <p>The risk of exploitation of any of the fixed vulnerabilities is low under normal usage and environment, and actual attacks are very difficult. However, SoftEther VPN is now an open source VPN software used by 7.4 million unique users worldwide, and is used daily by many users to defend against the risk of blocking attacks by national censorship firewalls and attempts to eavesdrop on communications. Therefore, as long as the slightest attack possibility exists, there is great value in preventing vulnerabilities as much as possible in anticipation of the most sophisticated cyber attackers in the world, such as malicious ISPs and man-in-the-middle attackers on national Internet communication channels. These fixes are important and useful patches for users who use SoftEther VPN and the Internet for secure communications to prevent advanced attacks that can theoretically be triggered by malicious ISPs and man-in-the-middle attackers on national Internet communication pathways.</p>
	  <p>The fixed vulnerabilities are CVE-2023-27395, CVE-2023-22325, CVE-2023-32275, CVE-2023-27516, CVE-2023-32634, and CVE-2023-31192. All of these were discovered in an outstanding code review of SoftEther VPN by Cisco Systems, Inc.</p>
	  <ol>
	    <li>CVE-2023-27395: Heap overflow in SoftEther VPN DDNS client functionality at risk of crashing and theoretically arbitrary code execution caused by a malicious man-in-the-middle attacker such like ISP-level or on national Internet communication channels</li>
	    <li>CVE-2023-22325: Integer overflow in the SoftEther VPN DDNS client functionality could result in crashing caused by a malicious man-in-the-middle attacker such like ISP-level or on national Internet communication channels</li>
	    <li>CVE-2023-32275: Vulnerability that allows the administrator himself of a 32-bit version of VPN Client or VPN Server to see the 32-bit value heap address of each of trusted CA's certificates in the VPN process</li>
	    <li>CVE-2023-27516: If the user forget to set the administrator password of SoftEther VPN Client and enable remote administration with blank password, the administrator password of VPN Client can be changed remotely or VPN client can be used remotely by anonymouse third person</li>
	    <li>CVE-2023-32634: If an attacker succeeds in launching a TCP relay program on the same port as the VPN Client on a local computer running the SoftEther VPN Client before the VPN Client process is launched, the TCP relay program can conduct a man-in-the-middle attack on communication between the administrator and the VPN Client process</li>
	    <li>CVE-2023-31192: When SoftEther VPN Client connects to an untrusted VPN Server, an invalid redirection response for the clustering (load balancing) feature causes 20 bytes of uninitialized stack space to be read</li>
	  </ol>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-27395</cvename>
      <cvename>CVE-2023-22325</cvename>
      <cvename>CVE-2023-32275</cvename>
      <cvename>CVE-2023-27516</cvename>
      <cvename>CVE-2023-32634</cvename>
      <cvename>CVE-2023-31192</cvename>
      <url>https://www.softether.org/9-about/News/904-SEVPN202301</url>
    </references>
    <dates>
      <discovery>2023-06-30</discovery>
      <entry>2023-06-30</entry>
    </dates>
  </vuln>

  <vuln vid="06428d91-152e-11ee-8b14-dbdd62da85fb">
    <topic>OpenEXR -- heap buffer overflow in internal_huf_decompress</topic>
    <affects>
      <package>
	<name>openexr</name>
	<range><lt>3.1.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>oss-fuzz reports:</p>
	<blockquote cite="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59382">
	  <p>heap buffer overflow in internal_huf_decompress.</p>
	</blockquote>
	<p>Cary Phillips reports:</p>
	<blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.9">
	  <p>v3.1.9 - Patch release that addresses [...] also OSS-fuzz 59382 Heap-buffer-overflow in internal_huf_decompress</p>
	</blockquote>
	<p>Kimball Thurston reports:</p>
	<blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/pull/1439">
	  <p>Fix scenario where malformed dwa file could read past end of buffer - fixes OSS-Fuzz 59382</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59382</url>
      <url>https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.9</url>
      <url>https://github.com/AcademySoftwareFoundation/openexr/commit/e431f7e189d0785bb84a5bfb83391e9e58590c49</url>
      <url>https://github.com/AcademySoftwareFoundation/openexr/pull/1439</url>
    </references>
    <dates>
      <discovery>2023-05-28</discovery>
      <entry>2023-06-27</entry>
    </dates>
  </vuln>

  <vuln vid="ad05a737-14bd-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>114.0.5735.198</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>114.0.5735.198</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html">
	 <p>This update includes 4 security fixes:</p>
	 <ul>
	    <li>[1452137] High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07</li>
	    <li>[1447568] High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22</li>
	    <li>[1450397] High CVE-2023-3422: Use after free in Guest View. Reported by asnine on 2023-06-01</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3420</cvename>
      <cvename>CVE-2023-3421</cvename>
      <cvename>CVE-2023-3422</cvename>
      <url>https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html</url>
    </references>
    <dates>
      <discovery>2023-06-26</discovery>
      <entry>2023-06-27</entry>
    </dates>
  </vuln>

  <vuln vid="fdbe9aec-118b-11ee-908a-6c3be5272acd">
    <topic>Grafana -- Account takeover / authentication bypass</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>6.7.0</ge><lt>8.5.27</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.20</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.16</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.13</lt></range>
	<range><ge>9.5.0</ge><lt>9.5.5</lt></range>
	<range><ge>10.0.0</ge><lt>10.0.1</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><lt>8.5.27</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><lt>9.2.20</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.16</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.13</lt></range>
	<range><ge>9.5.0</ge><lt>9.5.5</lt></range>
      </package>
      <package>
	<name>grafana10</name>
	<range><lt>10.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/">
	  <p>Grafana validates Azure Active Directory accounts based on the email claim.
	  On Azure AD, the profile email field is not unique across Azure AD tenants.
	  This can enable a Grafana account takeover and authentication bypass when
	  Azure AD OAuth is configured with a multi-tenant Azure AD OAuth application.
	  </p>
	  <p>The CVSS score for this vulnerability is 9.4 Critical.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3128</cvename>
      <url>https://grafana.com/security/security-advisories/cve-2023-3128</url>
    </references>
    <dates>
      <discovery>2023-06-22</discovery>
      <entry>2023-06-23</entry>
    </dates>
  </vuln>

  <vuln vid="a03b2d9e-b3f2-428c-8f66-21092ed2ba94">
    <topic>electron{23,24} -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron23</name>
	<range><lt>23.3.8</lt></range>
      </package>
      <package>
	<name>electron24</name>
	<range><lt>24.6.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v23.3.8">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-3215.</li>
	    <li>Security: backported fix for CVE-2023-3216.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3215</cvename>
      <url>https://github.com/advisories/GHSA-5rw6-vf4w-p4j3</url>
      <cvename>CVE-2023-3216</cvename>
      <url>https://github.com/advisories/GHSA-f35r-mcw4-gg3w</url>
    </references>
    <dates>
      <discovery>2023-06-22</discovery>
      <entry>2023-06-22</entry>
    </dates>
  </vuln>

  <vuln vid="770d88cc-f6dc-4385-bdfe-497f8080c3fb">
    <topic>electron22 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron22</name>
	<range><lt>22.3.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v22.3.14">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-3215.</li>
	    <li>Security: backported fix for CVE-2023-3216.</li>
	    <li>Security: backported fix for CVE-2023-0698.</li>
	    <li>Security: backported fix for CVE-2023-0932.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3215</cvename>
      <url>https://github.com/advisories/GHSA-5rw6-vf4w-p4j3</url>
      <cvename>CVE-2023-3216</cvename>
      <url>https://github.com/advisories/GHSA-f35r-mcw4-gg3w</url>
      <cvename>CVE-2023-0698</cvename>
      <url>https://github.com/advisories/GHSA-q6xx-4pmr-m3m4</url>
      <cvename>CVE-2023-0932</cvename>
      <url>https://github.com/advisories/GHSA-hh2g-39pc-2575</url>
    </references>
    <dates>
      <discovery>2023-06-22</discovery>
      <entry>2023-06-22</entry>
    </dates>
  </vuln>

  <vuln vid="734b8f46-773d-4fef-bed3-61114fe8e4c5">
    <topic>libX11 -- Sub-object overflows</topic>
    <affects>
      <package>
	<name>libX11</name>
	<range><lt>1.8.6,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.Org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2023-June/003406.html">
	  <ul>
	    <li>Buffer overflows in InitExt.c in libX11 prior to 1.8.6 [CVE-2023-3138]

	    <p>The functions in src/InitExt.c in libX11 prior to 1.8.6 do not check
	    that the values provided for the Request, Event, or Error IDs are
	    within the bounds of the arrays that those functions write to, using
	    those IDs as array indexes.  Instead they trusted that they were called
	    with values provided by an Xserver that was adhering to the bounds
	    specified in the X11 protocol, as all X servers provided by X.Org do.</p>

	    <p>As the protocol only specifies a single byte for these values, an
	    out-of-bounds value provided by a malicious server (or a malicious
	    proxy-in-the-middle) can only overwrite other portions of the Display
	    structure and not write outside the bounds of the Display structure
	    itself.  Testing has found it is possible to at least cause the client
	    to crash with this memory corruption.</p></li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.x.org/archives/xorg-announce/2023-June/003406.html</url>
      <cvename>CVE-2023-3138</cvename>
    </references>
    <dates>
      <discovery>2023-06-15</discovery>
      <entry>2023-06-16</entry>
    </dates>
  </vuln>

  <vuln vid="aae2ab45-2d21-4cd5-a53b-07ec933400ac">
    <topic>electron24 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron24</name>
	<range><lt>24.5.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v24.5.1">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-3079.</li>
	    <li>Security: backported fix for CVE-2023-2933.</li>
	    <li>Security: backported fix for CVE-2023-2932.</li>
	    <li>Security: backported fix for CVE-2023-2931.</li>
	    <li>Security: backported fix for CVE-2023-2936.</li>
	    <li>Security: backported fix for CVE-2023-2935.</li>
	    <li>Security: backported fix for CVE-2023-2934.</li>
	    <li>Security: backported fix for CVE-2023-2930.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3079</cvename>
      <url>https://github.com/advisories/GHSA-8mwf-hvfp-6xfg</url>
      <cvename>CVE-2023-2933</cvename>
      <url>https://github.com/advisories/GHSA-qrc7-3p69-2jpf</url>
      <cvename>CVE-2023-2932</cvename>
      <url>https://github.com/advisories/GHSA-7g49-wq8x-r6rh</url>
      <cvename>CVE-2023-2931</cvename>
      <url>https://github.com/advisories/GHSA-w3xh-m877-x3c2</url>
      <cvename>CVE-2023-2936</cvename>
      <url>https://github.com/advisories/GHSA-x723-3x32-qg44</url>
      <cvename>CVE-2023-2935</cvename>
      <url>https://github.com/advisories/GHSA-5ccq-3h49-vjp2</url>
      <cvename>CVE-2023-2934</cvename>
      <url>https://github.com/advisories/GHSA-mqff-qm67-cr66</url>
      <cvename>CVE-2023-2930</cvename>
      <url>https://github.com/advisories/GHSA-44xq-533g-gj79</url>
    </references>
    <dates>
      <discovery>2023-06-14</discovery>
      <entry>2023-06-16</entry>
    </dates>
  </vuln>

  <vuln vid="3bf6795c-d44c-4033-9b37-ed2e30f34fca">
    <topic>electron23 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron23</name>
	<range><lt>23.3.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v23.3.7">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-2724.</li>
	    <li>Security: backported fix for CVE-2023-2725.</li>
	    <li>Security: backported fix for CVE-2023-2721.</li>
	    <li>Security: backported fix for CVE-2023-3079.</li>
	    <li>Security: backported fix for CVE-2023-2933.</li>
	    <li>Security: backported fix for CVE-2023-2932.</li>
	    <li>Security: backported fix for CVE-2023-2931.</li>
	    <li>Security: backported fix for CVE-2023-2936.</li>
	    <li>Security: backported fix for CVE-2023-2935.</li>
	    <li>Security: backported fix for CVE-2023-2934.</li>
	    <li>Security: backported fix for CVE-2023-2930.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2724</cvename>
      <url>https://github.com/advisories/GHSA-j5rv-3m5p-q6rc</url>
      <cvename>CVE-2023-2725</cvename>
      <url>https://github.com/advisories/GHSA-c4fp-wmv9-q4cr</url>
      <cvename>CVE-2023-2721</cvename>
      <url>https://github.com/advisories/GHSA-5cww-gpqh-ggqj</url>
      <cvename>CVE-2023-3079</cvename>
      <url>https://github.com/advisories/GHSA-8mwf-hvfp-6xfg</url>
      <cvename>CVE-2023-2933</cvename>
      <url>https://github.com/advisories/GHSA-qrc7-3p69-2jpf</url>
      <cvename>CVE-2023-2932</cvename>
      <url>https://github.com/advisories/GHSA-7g49-wq8x-r6rh</url>
      <cvename>CVE-2023-2931</cvename>
      <url>https://github.com/advisories/GHSA-w3xh-m877-x3c2</url>
      <cvename>CVE-2023-2936</cvename>
      <url>https://github.com/advisories/GHSA-x723-3x32-qg44</url>
      <cvename>CVE-2023-2935</cvename>
      <url>https://github.com/advisories/GHSA-5ccq-3h49-vjp2</url>
      <cvename>CVE-2023-2934</cvename>
      <url>https://github.com/advisories/GHSA-mqff-qm67-cr66</url>
      <cvename>CVE-2023-2930</cvename>
      <url>https://github.com/advisories/GHSA-44xq-533g-gj79</url>
    </references>
    <dates>
      <discovery>2023-06-14</discovery>
      <entry>2023-06-16</entry>
    </dates>
  </vuln>

  <vuln vid="3c3d3dcb-bef7-4d20-9580-b4216b5ff6a2">
    <topic>electron22 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>electron22</name>
	<range><lt>22.3.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v22.3.13">
	  <p>This update fixes the following vulnerabilities:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-2724.</li>
	    <li>Security: backported fix for CVE-2023-2723.</li>
	    <li>Security: backported fix for CVE-2023-2725.</li>
	    <li>Security: backported fix for CVE-2023-2721.</li>
	    <li>Security: backported fix for CVE-2023-3079.</li>
	    <li>Security: backported fix for CVE-2023-2933.</li>
	    <li>Security: backported fix for CVE-2023-2932.</li>
	    <li>Security: backported fix for CVE-2023-2931.</li>
	    <li>Security: backported fix for CVE-2023-2936.</li>
	    <li>Security: backported fix for CVE-2023-2935.</li>
	    <li>Security: backported fix for CVE-2023-2930.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2724</cvename>
      <url>https://github.com/advisories/GHSA-j5rv-3m5p-q6rc</url>
      <cvename>CVE-2023-2723</cvename>
      <url>https://github.com/advisories/GHSA-7797-6fvm-v8xw</url>
      <cvename>CVE-2023-2725</cvename>
      <url>https://github.com/advisories/GHSA-c4fp-wmv9-q4cr</url>
      <cvename>CVE-2023-2721</cvename>
      <url>https://github.com/advisories/GHSA-5cww-gpqh-ggqj</url>
      <cvename>CVE-2023-3079</cvename>
      <url>https://github.com/advisories/GHSA-8mwf-hvfp-6xfg</url>
      <cvename>CVE-2023-2933</cvename>
      <url>https://github.com/advisories/GHSA-qrc7-3p69-2jpf</url>
      <cvename>CVE-2023-2932</cvename>
      <url>https://github.com/advisories/GHSA-7g49-wq8x-r6rh</url>
      <cvename>CVE-2023-2931</cvename>
      <url>https://github.com/advisories/GHSA-w3xh-m877-x3c2</url>
      <cvename>CVE-2023-2936</cvename>
      <url>https://github.com/advisories/GHSA-x723-3x32-qg44</url>
      <cvename>CVE-2023-2935</cvename>
      <url>https://github.com/advisories/GHSA-5ccq-3h49-vjp2</url>
      <cvename>CVE-2023-2930</cvename>
      <url>https://github.com/advisories/GHSA-44xq-533g-gj79</url>
    </references>
    <dates>
      <discovery>2023-06-14</discovery>
      <entry>2023-06-16</entry>
    </dates>
  </vuln>

  <vuln vid="b4db7d78-bb62-4f4c-9326-6e9fc2ddd400">
    <topic>jenkins -- CSRF protection bypass vulnerability</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.400</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.401.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2023-06-14/">
	  <h1>Description</h1>
	  <h5>(High) SECURITY-3135 / CVE-2023-35141</h5>
	  <p>CSRF protection bypass vulnerability</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-35141</cvename>
      <url>https://www.jenkins.io/security/advisory/2023-06-14/</url>
    </references>
    <dates>
      <discovery>2023-06-14</discovery>
      <entry>2023-06-14</entry>
    </dates>
  </vuln>

  <vuln vid="f0250129-fdb8-41ed-aa9e-661ff5026845">
    <topic>vscode -- VS Code Information Disclosure Vulnerability</topic>
    <affects>
      <package>
	<name>vscode</name>
	<range><lt>1.79.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>VSCode developers reports:</p>
	<blockquote cite="https://github.com/microsoft/vscode/security/advisories/GHSA-j5wm-6crw-xvmr">
	  <p>VS Code Information Disclosure Vulnerability</p>
	  <p>A information disclosure vulnerability exists in VS Code 1.79.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-33144</cvename>
      <url>https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144</url>
    </references>
    <dates>
      <discovery>2023-06-13</discovery>
      <entry>2023-06-13</entry>
    </dates>
  </vuln>

  <vuln vid="1567be8c-0a15-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>114.0.5735.133</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>114.0.5735.133</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html">
	 <p>This update includes 5 security fixes:</p>
	 <ul>
	    <li>[1450568] Critical CVE-2023-3214: Use after free in Autofill payments. Reported by Rong Jian of VRI on 2023-06-01</li>
	    <li>[1446274] High CVE-2023-3215: Use after free in WebRTC. Reported by asnine on 2023-05-17</li>
	    <li>[1450114] High CVE-2023-3216: Type Confusion in V8. Reported by 5n1p3r0010 from Topsec ChiXiao Lab on 2023-05-31</li>
	    <li>[1450601] High CVE-2023-3217: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2023-06-01</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3214</cvename>
      <cvename>CVE-2023-3215</cvename>
      <cvename>CVE-2023-3216</cvename>
      <cvename>CVE-2023-3217</cvename>
      <url>https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html</url>
    </references>
    <dates>
      <discovery>2023-06-13</discovery>
      <entry>2023-06-13</entry>
    </dates>
  </vuln>

  <vuln vid="f7e9a1cc-0931-11ee-94b4-6cc21735f730">
    <topic>xmltooling -- remote resource access</topic>
    <affects>
      <package>
	<name>xmltooling</name>
	<range><lt>3.2.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Shibboleth consortium reports:</p>
	<blockquote cite="https://shibboleth.net/community/advisories/secadv_20230612.txt">
	  <p>An updated version of the XMLTooling library that is part of the
	  OpenSAML and Shibboleth Service Provider software is now available
	  which corrects a server-side request forgery (SSRF) vulnerability.</p>
	  <p>Including certain legal but "malicious in intent" content in the
	  KeyInfo element defined by the XML Signature standard will result
	  in attempts by the SP's shibd process to dereference untrusted
	  URLs.</p>
	  <p>While the content of the URL must be supplied within the message
	  and does not include any SP internal state or dynamic content,
	  there is at minimum a risk of denial of service, and the attack
	  could be combined with others to create more serious vulnerabilities
	  in the future.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://shibboleth.net/community/advisories/secadv_20230612.txt</url>
    </references>
    <dates>
      <discovery>2023-06-12</discovery>
      <entry>2023-06-12</entry>
    </dates>
  </vuln>

  <vuln vid="fdca9418-06f0-11ee-abe2-ecf4bbefc954">
    <topic>acme.sh -- closes potential remote vuln</topic>
    <affects>
      <package>
	<name>acme.sh</name>
	<range><lt>3.0.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Neil Pang reports:</p>
	<blockquote cite="https://github.com/acmesh-official/acme.sh/issues/4659">
	  <p>HiCA was injecting arbitrary code/commands into the certificate obtaining process and acme.sh is running them on the client machine.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/acmesh-official/acme.sh/issues/4665</url>
    </references>
    <dates>
      <discovery>2023-06-08</discovery>
      <entry>2023-06-09</entry>
    </dates>
  </vuln>

  <vuln vid="d86becfe-05a4-11ee-9d4a-080027eda32c">
    <topic>Python -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>python37</name>
	<range><lt>3.7.17</lt></range>
      </package>
      <package>
	<name>python38</name>
	<range><lt>3.8.17</lt></range>
      </package>
      <package>
	<name>python39</name>
	<range><lt>3.9.17</lt></range>
      </package>
      <package>
	<name>python310</name>
	<range><lt>3.10.12</lt></range>
      </package>
      <package>
	<name>python311</name>
	<range><lt>3.11.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Python reports:</p>
	<blockquote cite="https://pythoninsider.blogspot.com/2023/06/python-3114-31012-3917-3817-3717-and.html">
	  <p>gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded
	    to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well
	    as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727).</p>
	  <p>gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters
	    following the specification for URLs defined by WHATWG in response to CVE-2023-24329.</p>
	  <p>gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal
	    based on the input if no out_file was specified.</p>
	  <p>gh-104049: Do not expose the local on-disk location in directory indexes produced by
	    http.client.SimpleHTTPRequestHandler.</p>
	  <p>gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with
	    shell=True.</p>
	  <p>gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open().</p>
	  <p>gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter
	    argument that allows limiting tar features than may be surprising or dangerous, such as creating
	    files outside the destination directory. </p>
	  <p>gh-102126: Fixed a deadlock at shutdown when clearing thread states if any finalizer tries to
	    acquire the runtime head lock.</p>
	  <p>gh-100892: Fixed a crash due to a race while iterating over thread states in clearing
	    threading.local.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-4303</cvename>
      <cvename>CVE-2023-2650</cvename>
      <cvename>CVE-2023-0286</cvename>
      <cvename>CVE-2023-0464</cvename>
      <cvename>CVE-2023-0465</cvename>
      <cvename>CVE-2023-0466</cvename>
      <cvename>CVE-2023-24329</cvename>
      <url>https://pythoninsider.blogspot.com/2023/06/python-3114-31012-3917-3817-3717-and.html</url>
    </references>
    <dates>
      <discovery>2022-06-08</discovery>
      <entry>2023-06-08</entry>
    </dates>
  </vuln>

  <vuln vid="6c1de144-056f-11ee-8e16-6c3be5272acd">
    <topic>Grafana -- Broken access control: viewer can send test alerts</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>8.0.0</ge><lt>8.5.26</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.19</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.15</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.12</lt></range>
	<range><ge>9.5.0</ge><lt>9.5.3</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.0.0</ge><lt>8.5.26</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><lt>9.2.19</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.15</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.12</lt></range>
	<range><ge>9.5.0</ge><lt>9.5.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/06/06/grafana-security-release-new-grafana-versions-with-security-fixes-for-cve-2023-2183-and-cve-2023-2801/">
	  <p>Grafana can allow an attacker in the <strong>Viewer</strong> role
	  to send alerts by <strong>API Alert - Test</strong>. This option,
	  however, is not available in the user panel UI for the Viewer role.
	  </p>
	  <p>The CVSS score for this vulnerability is 4.1 Medium
	  (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2183</cvename>
      <url>https://grafana.com/security/security-advisories/cve-2023-2183/</url>
    </references>
    <dates>
      <discovery>2023-06-06</discovery>
      <entry>2023-06-07</entry>
    </dates>
  </vuln>

  <vuln vid="652064ef-056f-11ee-8e16-6c3be5272acd">
    <topic>Grafana -- Grafana DS proxy race condition</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>9.4.0</ge><lt>9.4.12</lt></range>
	<range><ge>9.5.0</ge><lt>9.5.3</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.4.0</ge><lt>9.4.12</lt></range>
	<range><ge>9.5.0</ge><lt>9.5.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/06/06/grafana-security-release-new-grafana-versions-with-security-fixes-for-cve-2023-2183-and-cve-2023-2801/">
	  <p>We have discovered a vulnerability with Grafana’s data source query
	  endpoints that could end up crashing a Grafana instance.</p>
	  <p>If you have public dashboards (PD) enabled, we
	  are scoring this as a CVSS 7.5 High.</p>
	  <p>If you have disabled PD, this vulnerability is still a risk,
	  but triggering the issue requires data source read privileges
	  and access to the Grafana API through a developer script.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2801</cvename>
      <url>CVE-2023-2801</url>
    </references>
    <dates>
      <discovery>2023-06-06</discovery>
      <entry>2023-06-07</entry>
    </dates>
  </vuln>

  <vuln vid="12741b1f-04f9-11ee-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>114.0.5735.106</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>114.0.5735.106</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html">
	 <p>This update includes 2 security fixes:</p>
	 <ul>
	    <li>[1450481] High CVE-2023-3079: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-06-01</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-3079</cvename>
      <url>https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-06-05</discovery>
      <entry>2023-06-07</entry>
    </dates>
  </vuln>

  <vuln vid="cdb5338d-04ec-11ee-9c88-001b217b3468">
    <topic>Gitlab -- Vulnerability</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>16.0.0</ge><lt>16.0.2</lt></range>
	<range><ge>15.11.0</ge><lt>15.11.7</lt></range>
	<range><ge>15.10.0</ge><lt>15.10.8</lt></range>
	<range><ge>1.2</ge><lt>15.9.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/06/05/security-release-gitlab-16-0-2-released/">
	  <p>Stored-XSS with CSP-bypass in Merge requests</p>
	  <p>ReDoS via FrontMatterFilter in any Markdown fields</p>
	  <p>ReDoS via InlineDiffFilter in any Markdown fields</p>
	  <p>ReDoS via DollarMathPostFilter in Markdown fields</p>
	  <p>DoS via malicious test report artifacts</p>
	  <p>Restricted IP addresses can clone repositories of public projects</p>
	  <p>Reflected XSS in Report Abuse Functionality</p>
	  <p>Privilege escalation from maintainer to owner by importing members from a project</p>
	  <p>Bypassing tags protection in GitLab</p>
	  <p>Denial of Service using multiple labels with arbitrarily large descriptions</p>
	  <p>Ability to use an unverified email for public and commit emails</p>
	  <p>Open Redirection Through HTTP Response Splitting</p>
	  <p>Disclosure of issue notes to an unauthorized user when exporting a project</p>
	  <p>Ambiguous branch name exploitation</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2442</cvename>
      <cvename>CVE-2023-2199</cvename>
      <cvename>CVE-2023-2198</cvename>
      <cvename>CVE-2023-2132</cvename>
      <cvename>CVE-2023-0121</cvename>
      <cvename>CVE-2023-2589</cvename>
      <cvename>CVE-2023-2015</cvename>
      <cvename>CVE-2023-2485</cvename>
      <cvename>CVE-2023-2001</cvename>
      <cvename>CVE-2023-0921</cvename>
      <cvename>CVE-2023-1204</cvename>
      <cvename>CVE-2023-0508</cvename>
      <cvename>CVE-2023-1825</cvename>
      <cvename>CVE-2023-2013</cvename>
      <url>https://about.gitlab.com/releases/2023/06/05/security-release-gitlab-16-0-2-released/</url>
    </references>
    <dates>
      <discovery>2023-06-05</discovery>
      <entry>2023-06-07</entry>
    </dates>
  </vuln>

  <vuln vid="2f38c6a2-04a4-11ee-8cb0-e41f13b9c674">
    <topic>qpress -- directory traversal</topic>
    <affects>
      <package>
	<name>qpress</name>
	<range><lt>11.3</lt></range>
      </package>
      <package>
	<name>xtrabackup8</name>
	<range><lt>8.0.32</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="https://github.com/EvgeniyPatlan/qpress/commit/ddb312090ebd5794e81bc6fb1dfb4e79eda48761">
	  <p>qpress before PierreLvx/qpress 20220819 and before version 11.3,
	as used in Percona XtraBackup and other products, allows directory
	traversal via ../ in a .qp file.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-45866</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-45866</url>
    </references>
    <dates>
      <discovery>2022-11-23</discovery>
      <entry>2023-06-06</entry>
    </dates>
  </vuln>

  <vuln vid="bfca647c-0456-11ee-bafd-b42e991fc52e">
    <topic>Kanboard -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>php80-kanboard</name>
	<range><lt>1.2.30</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p></p>
	<p>Kanboard is project management software that focuses on the Kanban
	methodology. The last update includes 4 vulnerabilities:</p>
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f">
	  <ul>
	    <li>Missing access control in internal task links feature</li>
	    <li>Stored Cross site scripting in the Task External Link Functionality in Kanboard</li>
	    <li>Missing Access Control allows User to move and duplicate tasks in Kanboard</li>
	    <li>Parameter based Indirect Object Referencing leading to private file exposure in Kanboard</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-33970</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-33970</url>
      <cvename>CVE-2023-33969</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-33969</url>
      <cvename>CVE-2023-33968</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-33968</url>
      <cvename>CVE-2023-33956</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-33956</url>
    </references>
    <dates>
      <discovery>2023-06-05</discovery>
      <entry>2023-06-06</entry>
    </dates>
  </vuln>

  <vuln vid="eb9a3c57-ff9e-11ed-a0d1-84a93843eb75">
    <topic>OpenSSL -- Possible DoS translating ASN.1 identifiers</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1u,1</lt></range>
      </package>
      <package>
	<name>openssl30</name>
	<range><lt>3.0.9</lt></range>
      </package>
      <package>
	<name>openssl31</name>
	<range><lt>3.1.1</lt></range>
      </package>
      <package>
	<name>openssl-quictls</name>
	<range><lt>3.0.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20230530.txt">
	  <p>Severity: Moderate. Processing some specially crafted ASN.1
	    object identifiers or data containing them may be very slow.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2650</cvename>
      <url>https://www.openssl.org/news/secadv/20230530.txt</url>
    </references>
    <dates>
      <discovery>2023-05-30</discovery>
      <entry>2023-05-31</entry>
    </dates>
  </vuln>

  <vuln vid="79514fcd-feb4-11ed-92b5-b42e991fc52e">
    <topic>Kanboard -- Clipboard based cross-site scripting (blocked with default CSP) in Kanboard</topic>
    <affects>
      <package>
	<name>php80-kanboard</name>
	<range><lt>1.2.29</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/kanboard/kanboard/commit/26b6eebb78d4306e48b836a58f7c386251aa2bc7">
	  <p>Kanboard is project management software that focuses on the Kanban
	methodology.  Due to improper handling of elements under the
	`contentEditable` element, maliciously crafted clipboard content
	can inject arbitrary HTML tags into the DOM.  A low-privileged
	attacker with permission to attach a document on a vulnerable
	Kanboard instance can trick the victim into pasting malicious
	screenshot data and achieve cross-site scripting if CSP is improperly
	configured.  This issue has been patched in version 1.2.29.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-32685</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-32685</url>
    </references>
    <dates>
      <discovery>2023-05-30</discovery>
      <entry>2023-05-30</entry>
    </dates>
  </vuln>

  <vuln vid="fd87a250-ff78-11ed-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>114.0.5735.90</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>114.0.5735.90</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html">
	 <p>This update includes 16 security fixes:</p>
	 <ul>
	    <li>[1410191] High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-25</li>
	    <li>[1443401] High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08</li>
	    <li>[1444238] High CVE-2023-2931: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-10</li>
	    <li>[1444581] High CVE-2023-2932: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-11</li>
	    <li>[1445426] High CVE-2023-2933: Use after free in PDF. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security and Nguyen Phuong  on 2023-05-15</li>
	    <li>[1429720] High CVE-2023-2934: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-04-01</li>
	    <li>[1440695] High CVE-2023-2935: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-27</li>
	    <li>[1443452] High CVE-2023-2936: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-05-08</li>
	    <li>[1413813] Medium CVE-2023-2937: Inappropriate implementation in Picture In Picture. Reported by NDevTK on 2023-02-08</li>
	    <li>[1416350] Medium CVE-2023-2938: Inappropriate implementation in Picture In Picture. Reported by Alesandro Ortiz on 2023-02-15</li>
	    <li>[1427431] Medium CVE-2023-2939: Insufficient data validation in Installer. Reported by ycdxsb from VARAS@IIE on 2023-03-24</li>
	    <li>[1426807] Medium CVE-2023-2940: Inappropriate implementation in Downloads. Reported by Axel Chong on 2023-03-22</li>
	    <li>[1430269] Low CVE-2023-2941: Inappropriate implementation in Extensions API. Reported by Jasper Rebane on 2023-04-04</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2929</cvename>
      <cvename>CVE-2023-2930</cvename>
      <cvename>CVE-2023-2931</cvename>
      <cvename>CVE-2023-2932</cvename>
      <cvename>CVE-2023-2933</cvename>
      <cvename>CVE-2023-2934</cvename>
      <cvename>CVE-2023-2935</cvename>
      <cvename>CVE-2023-2936</cvename>
      <cvename>CVE-2023-2937</cvename>
      <cvename>CVE-2023-2938</cvename>
      <cvename>CVE-2023-2939</cvename>
      <cvename>CVE-2023-2940</cvename>
      <cvename>CVE-2023-2941</cvename>
      <url>https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html</url>
    </references>
    <dates>
      <discovery>2023-05-30</discovery>
      <entry>2023-05-31</entry>
    </dates>
  </vuln>

  <vuln vid="5d1b1a0a-fd36-11ed-a0d1-84a93843eb75">
    <topic>MariaDB -- Nullpointer dereference</topic>
    <affects>
      <package>
	<name>mariadb1011-server</name>
	<range><lt>10.11.3</lt></range>
      </package>
      <package>
	<name>mariadb106-server</name>
	<range><lt>10.6.13</lt></range>
      </package>
      <package>
	<name>mariadb105-server</name>
	<range><lt>10.5.20</lt></range>
      </package>
      <package>
	<name>mariadb104-server</name>
	<range><lt>10.4.29</lt></range>
      </package>
      <package>
	<name>mariadb103-server</name>
	<range><lt>10.3.39</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The MariaDB project reports:</p>
	<blockquote cite="https://mariadb.com/kb/en/security/">
	  <p>MariaDB Server is vulnerable to Denial of Service. It is possible for
	    function spider_db_mbase::print_warnings to dereference a null pointer.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-47015</cvename>
      <url>https://mariadb.com/kb/en/security/</url>
    </references>
    <dates>
      <discovery>2023-05-10</discovery>
      <entry>2023-05-28</entry>
    </dates>
  </vuln>

  <vuln vid="7d6be8d4-f812-11ed-a7ff-589cfc0f81b0">
    <topic>phpmyfaq -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><lt>3.1.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2023-04-23">
	  <p>Multiple XSS vulnerabilities</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620/</url>
      <url>https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78/</url>
    </references>
    <dates>
      <discovery>2023-05-17</discovery>
      <entry>2023-05-21</entry>
    </dates>
  </vuln>

  <vuln vid="a4f8bb03-f52f-11ed-9859-080027083a05">
    <topic>curl -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><lt>8.1.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports:</p>
	<blockquote cite="https://curl.se/docs/security.html">
	  <p>This update fixes 4 security vulnerabilities:</p>
	    <ul>
	      <li>Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 2023-03-21</li>
	      <li>Low CVE-2023-28320: siglongjmp race condition. Reported by Harry Sintonen on 2023-04-02</li>
	      <li>Low CVE-2023-28321: IDN wildcard match. Reported by Hiroki Kurosawa on 2023-04-17</li>
	      <li>Low CVE-2023-28322: more POST-after-PUT confusion. Reported by Hiroki Kurosawa on 2023-04-19</li>
	    </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28319</cvename>
	<url>https://curl.se/docs/CVE-2023-28319.html</url>
	<cvename>CVE-2023-28320</cvename>
	<url>https://curl.se/docs/CVE-2023-28320.html</url>
	<cvename>CVE-2023-28321</cvename>
	<url>https://curl.se/docs/CVE-2023-28321.html</url>
	<cvename>CVE-2023-28322</cvename>
	<url>https://curl.se/docs/CVE-2023-28322.html</url>
    </references>
    <dates>
      <discovery>2023-03-21</discovery>
      <entry>2023-05-19</entry>
    </dates>
  </vuln>

  <vuln vid="1ab7357f-a3c2-406a-89fb-fd00e49a71b5">
    <topic>zeek -- potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>5.0.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v5.0.9">
	  <p> A specially-crafted series of FTP packets with a CMD
	  command with a large path followed by a very large number
	  of replies could cause Zeek to spend a long time processing
	  the data. </p>
	  <p> A specially-crafted with a truncated header can cause
	  Zeek to overflow memory and potentially crash. </p>
	  <p> A specially-crafted series of SMTP packets can cause
	  Zeek to generate a very large number of events and take
	  a long time to process them. </p>
	  <p> A specially-crafted series of POP3 packets containing
	  MIME data can cause Zeek to spend a long time dealing
	  with each individual file ID. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v5.0.9</url>
    </references>
    <dates>
      <discovery>2023-05-19</discovery>
      <entry>2023-05-19</entry>
    </dates>
  </vuln>

  <vuln vid="b09d77d0-b27c-48ae-b69b-9641bb68b39e">
    <topic>electron -- vulnerability</topic>
    <affects>
      <package>
	<name>electron22</name>
	<range><lt>22.3.10</lt></range>
      </package>
      <package>
	<name>electron23</name>
	<range><lt>23.3.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Electron developers report:</p>
	<blockquote cite="https://github.com/electron/electron/releases/tag/v22.3.10">
	  <p>This update fixes the following vulnerability:</p>
	  <ul>
	    <li>Security: backported fix for CVE-2023-29469</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-29469</cvename>
      <url>https://github.com/advisories/GHSA-7jv7-hr35-fwjr</url>
    </references>
    <dates>
      <discovery>2023-05-17</discovery>
      <entry>2023-05-18</entry>
    </dates>
  </vuln>

  <vuln vid="bea52545-f4a7-11ed-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>113.0.5672.126</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>113.0.5672.126</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html">
	 <p>This update includes 12 security fixes:</p>
	 <ul>
	    <li>[1444360] Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10</li>
	    <li>[1400905] High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14</li>
	    <li>[1435166] High CVE-2023-2723: Use after free in DevTools. Reported by asnine on 2023-04-21</li>
	    <li>[1433211] High CVE-2023-2724: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-14</li>
	    <li>[1442516] High CVE-2023-2725: Use after free in Guest View. Reported by asnine on 2023-05-04</li>
	    <li>[1442018] Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-03</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2721</cvename>
      <cvename>CVE-2023-2722</cvename>
      <cvename>CVE-2023-2723</cvename>
      <cvename>CVE-2023-2724</cvename>
      <cvename>CVE-2023-2725</cvename>
      <cvename>CVE-2023-2726</cvename>
      <url>https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html</url>
    </references>
    <dates>
      <discovery>2023-05-16</discovery>
      <entry>2023-05-17</entry>
    </dates>
  </vuln>

  <vuln vid="4a08a4fb-f152-11ed-9c88-001b217b3468">
    <topic>Gitlab -- Vulnerability</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.11.0</ge><lt>15.11.3</lt></range>
	<range><ge>15.10.0</ge><lt>15.10.7</lt></range>
	<range><ge>9.0</ge><lt>15.9.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/05/10/security-release-gitlab-15-11-3-released/">
	  <p>Smuggling code changes via merge requests with refs/replace</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2181</cvename>
      <url>https://about.gitlab.com/releases/2023/05/10/security-release-gitlab-15-11-3-released/</url>
    </references>
    <dates>
      <discovery>2023-05-10</discovery>
      <entry>2023-05-13</entry>
    </dates>
  </vuln>

  <vuln vid="ec63bc8e-f092-11ed-85ca-001517a2e1a4">
    <topic>piwigo -- SQL injection</topic>
    <affects>
      <package>
	<name>piwigo</name>
	<range><lt>13.7.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Piwigo reports:</p>
	<blockquote cite="https://www.piwigo.org/release-13.7.0">
	  <p>Piwigo is affected by multiple SQL injection issues.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.piwigo.org/release-13.7.0</url>
    </references>
    <dates>
      <discovery>2023-03-01</discovery>
      <entry>2023-05-12</entry>
    </dates>
  </vuln>

  <vuln vid="4b636f50-f011-11ed-bbae-6cc21735f730">
    <topic>postgresql-server -- Row security policies disregard user ID changes after inlining</topic>
    <affects>
      <package>
	<name>postgresql-server</name>
	<range><lt>15.3</lt></range>
	<range><lt>14.8</lt></range>
	<range><lt>13.11</lt></range>
	<range><lt>12.15</lt></range>
	<range><lt>11.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL Project reports</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2023-2455/">
	  <p>
	    While CVE-2016-2193 fixed most interaction between row security and
	    user ID changes, it missed a scenario involving function
	    inlining. This leads to potentially incorrect policies being
	    applied in cases where role-specific policies are used and a
	    given query is planned under one role and then executed under
	    other roles. This scenario can happen under security definer
	    functions or when a common user and query is planned
	    initially and then re-used across multiple SET ROLEs.
	    Applying an incorrect policy may permit a user to complete
	    otherwise-forbidden reads and modifications. This affects
	    only databases that have used CREATE POLICY to define a row
	    security policy.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2455</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2023-2455/</url>
    </references>
    <dates>
      <discovery>2023-05-11</discovery>
      <entry>2023-05-11</entry>
    </dates>
  </vuln>

  <vuln vid="fbb5a260-f00f-11ed-bbae-6cc21735f730">
    <topic>postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes</topic>
    <affects>
      <package>
	<name>postgresql-server</name>
	<range><lt>15.3</lt></range>
	<range><lt>14.8</lt></range>
	<range><lt>13.11</lt></range>
	<range><lt>12.15</lt></range>
	<range><lt>11.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL Project reports</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2023-2454/">
	  <p>
	    This enabled an attacker having database-level CREATE
	    privilege to execute arbitrary code as the bootstrap
	    superuser. Database owners have that right by default,
	    and explicit grants may extend it to other users.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2454</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2023-2454/</url>
    </references>
    <dates>
      <discovery>2023-05-11</discovery>
      <entry>2023-05-11</entry>
    </dates>
  </vuln>

  <vuln vid="7913fe6d-2c6e-40ba-a7d7-35696f3db2b6">
    <topic>vscode -- Visual Studio Code Information Disclosure Vulnerability</topic>
    <affects>
      <package>
	<name>vscode</name>
	<range><lt>1.78.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>secure@microsoft.com reports:</p>
	<blockquote cite="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29338">
	  <p>Visual Studio Code Information Disclosure Vulnerability</p>
	  <p>A information disclosure vulnerability exists in VS Code 1.78.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-29338</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-29338</url>
      <url>https://github.com/microsoft/vscode/security/advisories/GHSA-mmfh-4pv3-39hr</url>
    </references>
    <dates>
      <discovery>2023-05-09</discovery>
      <entry>2023-05-10</entry>
    </dates>
  </vuln>

  <vuln vid="68958e18-ed94-11ed-9688-b42e991fc52e">
    <topic>glpi -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>glpi</name>
	<range><lt>10.0.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>glpi Project reports:</p>
	<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.7">
	  <p>Multiple vulnerabilities found and fixed in this version:</p>
	  <ul>
	    <li>High CVE-2023-28849: SQL injection and Stored XSS via inventory agent request.</li>
	    <li>High CVE-2023-28632: Account takeover by authenticated user.</li>
	    <li>High CVE-2023-28838: SQL injection through dynamic reports.</li>
	    <li>Moderate CVE-2023-28852: Stored XSS through dashboard administration.</li>
	    <li>Moderate CVE-2023-28636: Stored XSS on external links.</li>
	    <li>Moderate CVE-2023-28639: Reflected XSS in search pages.</li>
	    <li>Moderate CVE-2023-28634: Privilege Escalation from technician to super-admin.</li>
	    <li>Low CVE-2023-28633: Blind Server-Side Request Forgery (SSRF) in RSS feeds.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28849</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28849</url>
      <cvename>CVE-2023-28632</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28632</url>
      <cvename>CVE-2023-28838</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28838</url>
      <cvename>CVE-2023-28852</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28852</url>
      <cvename>CVE-2023-28636</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28636</url>
      <cvename>CVE-2023-28639</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28639</url>
      <cvename>CVE-2023-28634</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28634</url>
    </references>
    <dates>
      <discovery>2023-03-20</discovery>
      <entry>2023-05-08</entry>
    </dates>
  </vuln>

  <vuln vid="96b2d4db-ddd2-11ed-b6ea-080027f5fec9">
    <topic>redis -- HINCRBYFLOAT can be used to crash a redis-server process</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.0.11</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><lt>6.2.12</lt></range>
      </package>
      <package>
	<name>redis6</name>
	<range><lt>6.0.19</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Redis core team reports:</p>
	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6">
	  <p>
	    Authenticated users can use the HINCRBYFLOAT command to
	    create an invalid hash field that may later crash Redis on
	    access.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28856</cvename>
      <url>https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6</url>
    </references>
    <dates>
      <discovery>2023-04-17</discovery>
      <entry>2023-05-08</entry>
    </dates>
  </vuln>

  <vuln vid="89fdbd85-ebd2-11ed-9c88-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.11.0</ge><lt>15.11.2</lt></range>
	<range><ge>15.10.0</ge><lt>15.10.6</lt></range>
	<range><ge>9.0</ge><lt>15.9.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/05/05/critical-security-release-gitlab-15-11-2-released/">
	  <p>Malicious Runner Attachment via GraphQL</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2478</cvename>
      <url>https://about.gitlab.com/releases/2023/05/05/critical-security-release-gitlab-15-11-2-released/</url>
    </references>
    <dates>
      <discovery>2023-05-05</discovery>
      <entry>2023-05-06</entry>
    </dates>
  </vuln>

  <vuln vid="d55e1b4d-eadc-11ed-9cc0-080027de9982">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py37-django32</name>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<name>py311-django32</name>
	<range><lt>3.2.19</lt></range>
      </package>
      <package>
	<name>py38-django41</name>
	<name>py39-django41</name>
	<name>py310-django41</name>
	<name>py311-django41</name>
	<range><lt>4.1.9</lt></range>
      </package>
      <package>
	<name>py38-django42</name>
	<name>py39-django42</name>
	<name>py310-django42</name>
	<name>py311-django42</name>
	<range><lt>4.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2023/may/03/security-releases/">
	  <p>CVE-2023-31047: Potential bypass of validation when uploading multiple
	    files using one form field.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-31047</cvename>
      <url>https://www.djangoproject.com/weblog/2023/may/03/security-releases/</url>
    </references>
    <dates>
      <discovery>2023-05-01</discovery>
      <entry>2023-05-05</entry>
    </dates>
  </vuln>

  <vuln vid="246174d3-e979-11ed-8290-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>113.0.5672.63</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>113.0.5672.63</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html">
	 <p>This update includes 15 security fixes:</p>
	 <ul>
	    <li>[1423304] Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10</li>
	    <li>[1419732] Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik, Fingerprint[.]com on 2023-02-27</li>
	    <li>[1350561] Medium CVE-2023-2461: Use after free in OS Inputs. Reported by @ginggilBesel on 2022-08-06</li>
	    <li>[1375133] Medium CVE-2023-2462: Inappropriate implementation in Prompts. Reported by Alesandro Ortiz on 2022-10-17</li>
	    <li>[1406120] Medium CVE-2023-2463: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2023-01-10</li>
	    <li>[1418549] Medium CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita on 2023-02-23</li>
	    <li>[1399862] Medium CVE-2023-2465: Inappropriate implementation in CORS. Reported by @kunte_ctf on 2022-12-10</li>
	    <li>[1385714] Low CVE-2023-2466: Inappropriate implementation in Prompts. Reported by Jasper Rebane (popstonia) on 2022-11-17</li>
	    <li>[1413586] Low CVE-2023-2467: Inappropriate implementation in Prompts. Reported by Thomas Orlita on 2023-02-07</li>
	    <li>[1416380] Low CVE-2023-2468: Inappropriate implementation in PictureInPicture. Reported by Alesandro Ortiz on 2023-02-15</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2459</cvename>
      <cvename>CVE-2023-2460</cvename>
      <cvename>CVE-2023-2461</cvename>
      <cvename>CVE-2023-2462</cvename>
      <cvename>CVE-2023-2463</cvename>
      <cvename>CVE-2023-2464</cvename>
      <cvename>CVE-2023-2465</cvename>
      <cvename>CVE-2023-2466</cvename>
      <cvename>CVE-2023-2467</cvename>
      <cvename>CVE-2023-2468</cvename>
      <url>https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-05-03</discovery>
      <entry>2023-05-03</entry>
    </dates>
  </vuln>

  <vuln vid="4ffcccae-e924-11ed-9c88-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.11.0</ge><lt>15.11.1</lt></range>
	<range><ge>15.10.0</ge><lt>15.10.5</lt></range>
	<range><ge>9.0</ge><lt>15.9.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/05/02/security-release-gitlab-15-11-1-released/">
	  <p>Privilege escalation for external users when OIDC is enabled under certain conditions</p>
	  <p>Account takeover through open redirect for Group SAML accounts</p>
	  <p>Users on banned IP addresses can still commit to projects</p>
	  <p>User with developer role (group) can modify Protected branches setting on imported project and leak group CI/CD variables</p>
	  <p>The Gitlab web interface does not guarantee file integrity when downloading source code or installation packages from a tag or from a release.</p>
	  <p>Banned group member continues to have access to the public projects of a public group with the access level as same as before the ban.</p>
	  <p>The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code.</p>
	  <p>XSS and content injection and iframe injection when viewing raw files on iOS devices</p>
	  <p>Authenticated users can find other users by their private email</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2182</cvename>
      <cvename>CVE-2023-1965</cvename>
      <cvename>CVE-2023-1621</cvename>
      <cvename>CVE-2023-2069</cvename>
      <cvename>CVE-2023-1178</cvename>
      <cvename>CVE-2023-0805</cvename>
      <cvename>CVE-2023-0756</cvename>
      <cvename>CVE-2023-1836</cvename>
      <cvename>CVE-2022-4376</cvename>
      <url>https://about.gitlab.com/releases/2023/05/02/security-release-gitlab-15-11-1-released/</url>
    </references>
    <dates>
      <discovery>2023-05-02</discovery>
      <entry>2023-05-02</entry>
    </dates>
  </vuln>

  <vuln vid="02562a78-e6b7-11ed-b0ce-b42e991fc52e">
    <topic>cloud-init -- sensitive data exposure in cloud-init logs</topic>
    <affects>
      <package>
	<name>cloud-init</name>
	<range><lt>23.1.2</lt></range>
      </package>
      <package>
	<name>cloud-init-devel</name>
	<range><lt>23.1.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>security@ubuntu.com reports:</p>
	<blockquote cite="https://bugs.launchpad.net/cloud-init/+bug/2013967">
	  <p>Sensitive data could be exposed in logs of cloud-init before version
	23.1.2.  An attacker could use this information to find hashed
	passwords and possibly escalate their privilege.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-1786</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-1786</url>
    </references>
    <dates>
      <discovery>2023-04-26</discovery>
      <entry>2023-04-29</entry>
    </dates>
  </vuln>

  <vuln vid="4da51989-5a8b-4eb9-b442-46d94ec0802d">
      <topic>h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service</topic>
    <affects>
      <package>
    <name>h2o</name>
    <range><le>2.2.6</le></range>
      </package>
      <package>
    <name>h2o-devel</name>
    <range><lt>2.3.0.d.20230427</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Elijah Glover reports:</p>
    <blockquote cite="https://github.com/h2o/h2o/issues/3228">
       <p>
       Malformed HTTP/1.1 requests can crash worker processes.
       occasionally locking up child workers and causing denial of
       service, and an outage dropping any open connections.
       </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-30847</cvename>
      <url>https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx</url>
    </references>
    <dates>
      <discovery>2023-04-27</discovery>
      <entry>2023-04-30</entry>
    </dates>
  </vuln>

  <vuln vid="d2c6173f-e43b-11ed-a1d7-002590f2a714">
    <topic>git -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.40.1</lt></range>
      </package>
      <package>
	<name>git-lite</name>
	<range><lt>2.40.1</lt></range>
      </package>
      <package>
	<name>git-tiny</name>
	<range><lt>2.40.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>git developers reports:</p>
	<blockquote cite="INSERT URL HERE">
	  <p>This update includes 2 security fixes:</p>
	  <ul>
	     <li>CVE-2023-25652: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch)</li>
	     <li>CVE-2023-29007: A specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug that can be used to inject arbitrary configuration into user's git config.  This can result in arbitrary execution of code, by inserting values for core.pager, core.editor and so on</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-25652</cvename>
      <url>https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx</url>
      <cvename>CVE-2023-29007</cvename>
      <url>https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844</url>
    </references>
    <dates>
      <discovery>2023-04-25</discovery>
      <entry>2023-04-26</entry>
    </dates>
  </vuln>

  <vuln vid="0b85b1cd-e468-11ed-834b-6c3be5272acd">
    <topic>Grafana -- Critical vulnerability in golang</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><lt>8.5.24</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.17</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.13</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.9</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><lt>8.5.24</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><lt>9.2.17</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.13</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/">
	  <p>An issue in how go handles backticks (`) with Javascript can lead to
	  an injection of arbitrary code into go templates. While Grafana Labs software
	  contains potentially vulnerable versions of go, we have not identified any
	  exploitable use cases at this time.</p>
	  <p>The CVSS score for this vulnerability is 0.0 (adjusted), 9.8 (base).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-24538</cvename>
      <url>https://grafana.com/blog/2023/04/26/precautionary-patches-for-grafana-released-following-critical-go-vulnerability-cve-2023-24538/</url>
    </references>
    <dates>
      <discovery>2023-04-19</discovery>
      <entry>2023-04-26</entry>
    </dates>
  </vuln>

  <vuln vid="5e257b0d-e466-11ed-834b-6c3be5272acd">
    <topic>Grafana -- Exposure of sensitive information to an unauthorized actor</topic>
    <affects>
      <package>
	<name>grafana</name>
	<name>grafana9</name>
	<range><ge>9.1.0</ge><lt>9.2.17</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.13</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/">
	  <p>When setting up Grafana, there is an option to enable
	  <a href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/jwt/">
	  JWT authentication</a>. Enabling this will allow users to authenticate towards
	  the Grafana instance with a special header (default <code>X-JWT-Assertion</code>
	  ).</p>
	  <p>In Grafana, there is an additional way to authenticate using JWT called
	  <a href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/jwt/#url-login">
	  URL login</a> where the token is passed as a query parameter.</p>
	  <p>When using this option, a JWT token is passed to the data source as a header,
	  which leads to exposure of sensitive information to an unauthorized party.</p>
	  <p>The CVSS score for this vulnerability is 4.2 Medium</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-1387</cvename>
      <url>https://grafana.com/security/security-advisories/cve-2023-1387/</url>
    </references>
    <dates>
      <discovery>2023-04-26</discovery>
      <entry>2023-04-26</entry>
    </dates>
  </vuln>

  <vuln vid="c676bb1b-e3f8-11ed-b37b-901b0e9408dc">
    <topic>element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting</topic>
    <affects>
      <package>
	<name>element-web</name>
	<range><lt>1.11.30</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix developers report:</p>
	<blockquote cite="https://github.com/advisories/GHSA-xv83-x443-7rmw">
	  <p>matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP
	client into a web page.  Prior to version 3.71.0, plain text messages
	containing HTML tags are rendered as HTML in the search results.
	To exploit this, an attacker needs to trick a user into searching
	for a specific message containing an HTML injection payload.  No
	cross-site scripting attack is possible due to the hardcoded content
	security policy.  Version 3.71.0 of the SDK patches over the issue.
	As a workaround, restarting the client will clear the HTML injection.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-30609</cvename>
      <url>https://github.com/advisories/GHSA-xv83-x443-7rmw</url>
    </references>
    <dates>
      <discovery>2023-04-25</discovery>
      <entry>2023-04-26</entry>
    </dates>
  </vuln>

  <vuln vid="4ee322e9-e363-11ed-b934-b42e991fc52e">
    <topic>jellyfin -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jellyfin</name>
	<range><lt>10.8.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>security-advisories@github.com reports:</p>
	<blockquote cite="https://github.com/jellyfin/jellyfin-web/security/advisories/GHSA-89hp-h43h-r5pq">
	  <p>Jellyfin is a free-software media system.  Versions starting with
	10.8.0 and prior to 10.8.10 and prior have a directory traversal
	vulnerability inside the `ClientLogController`, specifically
	`/ClientLog/Document`.  When combined with a cross-site scripting
	vulnerability (CVE-2023-30627), this can result in file write and
	arbitrary code execution.  Version 10.8.10 has a patch for this
	issue.  There are no known workarounds.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-30626</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-30626</url>
      <cvename>CVE-2023-30627</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-30627</url>
    </references>
    <dates>
      <discovery>2023-04-24</discovery>
      <entry>2023-04-25</entry>
    </dates>
  </vuln>

  <vuln vid="bb528d7c-e2c6-11ed-a3e6-589cfc0f81b0">
    <topic>phpmyfaq -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><lt>3.1.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2023-04-23">
	  <p>XSS</p>
	  <p>email address manipulation</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540/</url>
      <url>https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d/</url>
      <url>https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e/</url>
      <url>https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b/</url>
    </references>
    <dates>
      <discovery>2023-04-23</discovery>
      <entry>2023-04-24</entry>
    </dates>
  </vuln>

  <vuln vid="f504a8d2-e105-11ed-85f6-84a93843eb75">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql-connector-java</name>
	<range><lt>8.0.33</lt></range>
      </package>
      <package>
	<name>mysql-client57</name>
	<range><lt>5.7.42</lt></range>
      </package>
      <package>
	<name>mysql-server57</name>
	<range><lt>5.7.42</lt></range>
      </package>
      <package>
	<name>mysql-client80</name>
	<range><lt>8.0.33</lt></range>
      </package>
      <package>
	<name>mysql-server80</name>
	<range><lt>8.0.33</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixMSQL">
	  <p>This Critical Patch Update contains 34 new security patches, plus
	    additional third party patches noted below, for Oracle MySQL. 11 of
	    these vulnerabilities may be remotely exploitable without
	    authentication, i.e., may be exploited over a network without
	    requiring user credentials.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-37434</cvename>
      <cvename>CVE-2023-21912</cvename>
      <cvename>CVE-2023-21980</cvename>
      <cvename>CVE-2023-21946</cvename>
      <cvename>CVE-2023-21929</cvename>
      <cvename>CVE-2023-21971</cvename>
      <cvename>CVE-2023-21911</cvename>
      <cvename>CVE-2023-21962</cvename>
      <cvename>CVE-2023-21919</cvename>
      <cvename>CVE-2023-21933</cvename>
      <cvename>CVE-2023-21972</cvename>
      <cvename>CVE-2023-21966</cvename>
      <cvename>CVE-2023-21913</cvename>
      <cvename>CVE-2023-21917</cvename>
      <cvename>CVE-2023-21920</cvename>
      <cvename>CVE-2023-21935</cvename>
      <cvename>CVE-2023-21945</cvename>
      <cvename>CVE-2023-21976</cvename>
      <cvename>CVE-2023-21977</cvename>
      <cvename>CVE-2023-21982</cvename>
      <cvename>CVE-2023-21953</cvename>
      <cvename>CVE-2023-21955</cvename>
      <cvename>CVE-2023-21940</cvename>
      <cvename>CVE-2023-21947</cvename>
      <cvename>CVE-2023-21963</cvename>
      <url>https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixMSQL</url>
    </references>
    <dates>
      <discovery>2023-04-19</discovery>
      <entry>2023-04-22</entry>
      <modified>2023-04-22</modified>
    </dates>
  </vuln>

  <vuln vid="90c48c04-d549-4fc0-a503-4775e32d438e">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>112.0.5615.165</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>112.0.5615.165</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html">
	 <p>This update includes 8 security fixes:</p>
	 <ul>
	    <li>[1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30</li>
	    <li>[1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30</li>
	    <li>[1424337] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14</li>
	    <li>[1432603] High CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-12</li>
	    <li>[1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2133</cvename>
      <cvename>CVE-2023-2134</cvename>
      <cvename>CVE-2023-2135</cvename>
      <cvename>CVE-2023-2136</cvename>
      <cvename>CVE-2023-2137</cvename>
      <url>https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html</url>
    </references>
    <dates>
      <discovery>2023-04-20</discovery>
      <entry>2023-04-20</entry>
    </dates>
  </vuln>

  <vuln vid="0bd7f07b-dc22-11ed-bf28-589cfc0f81b0">
    <topic>libxml2 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>libxml2</name>
	<range><lt>2.10.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The libxml2 project reports:</p>
	<blockquote cite="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4">
	  <p>Hashing of empty dict strings isn't deterministic</p>
	  <p>Fix null deref in xmlSchemaFixupComplexType</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28484</cvename>
      <cvename>CVE-2023-29469</cvename>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=2185984</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=2185994</url>
    </references>
    <dates>
      <discovery>2023-04-11</discovery>
      <entry>2023-04-16</entry>
    </dates>
  </vuln>

  <vuln vid="e8b20517-dbb6-11ed-bf28-589cfc0f81b0">
    <topic>mod_gnutls -- Infinite Loop on request read timeout</topic>
    <affects>
      <package>
	<name>ap24-mod_gnutls</name>
	<range><lt>0.12.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The mod_gnutls project reports:</p>
	<blockquote cite="https://lists.gnupg.org/pipermail/mod_gnutls-devel/2023-February/000221.html">
	  <p>Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS.  Versions
	  from 0.9.0 to 0.12.0 (including) did not properly fail blocking
	  read operations on TLS connections when the transport hit timeouts.
	  Instead it entered an endless loop retrying the read operation,
	  consuming CPU resources.  This could be exploited for denial of
	  service attacks.  If trace level logging was enabled, it would also
	  produce an excessive amount of log output during the loop, consuming
	  disk space.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-25824</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-25824</url>
      <url>https://mod.gnutls.org/browser/mod_gnutls/CHANGELOG?rev=17b2836dc3e27754159ffb098323a4cd4426192f</url>
    </references>
    <dates>
      <discovery>2023-02-23</discovery>
      <entry>2023-04-15</entry>
    </dates>
  </vuln>

  <vuln vid="6f0327d4-9902-4042-9b68-6fc2266944bc">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>112.0.5615.121</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>112.0.5615.121</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html">
	 <p>This update includes 2 security fixes:</p>
	 <ul>
	   <li>[1432210] High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-2033</cvename>
      <url>https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html</url>
    </references>
    <dates>
      <discovery>2023-04-14</discovery>
      <entry>2023-04-15</entry>
    </dates>
  </vuln>

  <vuln vid="25872b25-da2d-11ed-b715-a1e76793953b">
    <topic>ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter</topic>
    <affects>
      <package><name>ghostscript</name> <range><lt>10.01.1</lt></range></package>
      <package><name>ghostscript7-base</name><range><lt>10.01.1</lt></range></package>
      <package><name>ghostscript7-commfont</name><range><lt>10.01.1</lt></range></package>
      <package><name>ghostscript7-jpnfont</name><range><lt>10.01.1</lt></range></package>
      <package><name>ghostscript7-korfont</name><range><lt>10.01.1</lt></range></package>
      <package><name>ghostscript7-x11</name><range><lt>10.01.1</lt></range></package>
      <package><name>ghostscript8-base</name><range><lt>10.01.1</lt></range></package>
      <package><name>ghostscript8-x11</name><range><lt>10.01.1</lt></range></package>
      <package><name>ghostscript9-agpl-base</name><range><lt>9.56.1_10</lt></range></package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>cve@mitre.org reports:</p>
	<blockquote cite="http://www.openwall.com/lists/oss-security/2023/04/12/4">
	  <p>In Artifex Ghostscript through 10.01.0, there is a buffer overflow
	leading to potential corruption of data internal to the PostScript
	interpreter, in base/sbcp.c.  This affects BCPEncode, BCPDecode,
	TBCPEncode, and TBCPDecode.  If the write buffer is filled to one
	byte less than full, and one then tries to write an escaped character,
	two bytes are written.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28879</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-28879</url>
      <url>https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript</url>
    </references>
    <dates>
      <discovery>2023-03-23</discovery>
      <entry>2023-04-13</entry>
      <modified>2023-04-28</modified>
    </dates>
  </vuln>

  <vuln vid="96d6809a-81df-46d4-87ed-2f78c79f06b1">
    <topic>zeek -- potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>5.0.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v5.0.8">
	  <p> Receiving DNS responses from async DNS requests (via
	  A specially-crafted stream of FTP packets containing a
	  command reply with many intermediate lines can cause Zeek
	  to spend a large amount of time processing data. </p>
	  <p> A specially-crafted set of packets containing extremely
	  large file offsets cause cause the reassembler code to
	  allocate large amounts of memory. </p>
	  <p> The DNS manager does not correctly expire responses
	  that don't contain any data, such those containing NXDOMAIN
	  or NODATA status codes. This can lead to Zeek allocating
	  large amounts of memory for these responses and never
	  deallocating them. </p>
	  <p> A specially-crafted stream of RDP packets can cause
	  Zeek to spend large protocol validation. </p>
	  <p> A specially-crafted stream of SMTP packets can cause
	  Zeek to spend large amounts of time processing data. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v5.0.8</url>
    </references>
    <dates>
      <discovery>2023-04-12</discovery>
      <entry>2023-04-12</entry>
    </dates>
  </vuln>

  <vuln vid="b54abe9d-7024-4d10-98b2-180cf1717766">
    <topic>py-beaker -- arbitrary code execution vulnerability</topic>
    <affects>
      <package>
    <name>py37-beaker</name>
    <name>py38-beaker</name>
    <name>py39-beaker</name>
    <name>py310-beaker</name>
    <name>py311-beaker</name>
    <range><le>1.12.1</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>matheusbrat reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2020-216">
      <p>The Beaker library through 1.12.1 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-7489</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2020-216</url>
    </references>
    <dates>
      <discovery>2020-06-26</discovery>
      <entry>2023-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="374793ad-2720-4c4a-b86c-fc4a1780deac">
    <topic>py-psutil -- double free vulnerability</topic>
    <affects>
      <package>
    <name>py37-psutil121</name>
    <name>py38-psutil121</name>
    <name>py39-psutil121</name>
    <name>py310-psutil121</name>
    <name>py311-psutil121</name>
    <range><lt>5.6.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>ret2libc reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-41">
      <p>psutil (aka python-psutil) through 5.6.5 can have a double free.</p>
      <p>This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-18874</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2019-41</url>
      <url>https://osv.dev/vulnerability/GHSA-qfc5-mcwq-26q8</url>
    </references>
    <dates>
      <discovery>2019-11-12</discovery>
      <entry>2023-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="e1b77733-a982-442e-8796-a200571bfcf2">
    <topic>py-ansible -- multiple vulnerabilities</topic>
    <affects>
      <package>
    <name>py37-ansible</name>
    <name>py38-ansible</name>
    <name>py39-ansible</name>
    <name>py310-ansible</name>
    <name>py311-ansible</name>
    <range><le>7.2.0</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>abeluck reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2020-220">
      <p>A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed.</p>
      <p>Files would remain in the bucket exposing the data.</p>
      <p>This issue affects directly data confidentiality.</p>
    </blockquote>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2020-221">
      <p>A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers.</p>
      <p>Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes.</p>
      <p>This issue affects mainly the service availability.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25635</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2020-220</url>
      <cvename>CVE-2020-25636</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2020-221</url>
    </references>
    <dates>
      <discovery>2020-10-05</discovery>
      <entry>2023-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="f418cd50-561a-49a2-a133-965d03ede72a">
    <topic>py-ansible -- data leak vulnerability</topic>
    <affects>
      <package>
    <name>py37-ansible</name>
    <name>py38-ansible</name>
    <name>py39-ansible</name>
    <name>py310-ansible</name>
    <name>py311-ansible</name>
    <range><le>7.1.0</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Tapas jena reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2021-125">
      <p>A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory.</p>
      <p>Any secret information in an async status file will be readable by a malicious user on that system.</p>
      <p>This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3532</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2021-125</url>
    </references>
    <dates>
      <discovery>2021-06-09</discovery>
      <entry>2023-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="2acdf364-9f8d-4aaf-8d1b-867fdfd771c6">
    <topic>py-kerberos -- DoS and MitM vulnerabilities</topic>
    <affects>
      <package>
    <name>py37-kerberos</name>
    <name>py38-kerberos</name>
    <name>py39-kerberos</name>
    <name>py310-kerberos</name>
    <name>py311-kerberos</name>
    <range><le>1.3.1</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>macosforgebot reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2017-49">
      <p>The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2015-3206</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2017-49</url>
    </references>
    <dates>
      <discovery>2017-08-25</discovery>
      <entry>2023-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="c1a8ed1c-2814-4260-82aa-9e37c83aac93">
    <topic>py-cryptography -- includes a vulnerable copy of OpenSSL</topic>
    <affects>
      <package>
    <name>py37-cryptography</name>
    <name>py38-cryptography</name>
    <name>py39-cryptography</name>
    <name>py310-cryptography</name>
    <name>py311-cryptography</name>
    <range><lt>39.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <blockquote cite="https://osv.dev/vulnerability/GHSA-x4qr-2fvf-3mr5">
      <p>pyca/cryptography's wheels include a statically linked copy of OpenSSL.</p>
      <p>The versions of OpenSSL included in cryptography 0.8.1-39.0.0  are vulnerable to a security issue.</p>
      <p>More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and https://www.openssl.org/news/secadv/20230207.txt.</p>
      <p>If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL.</p>
      <p>Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0286</cvename>
      <url>https://osv.dev/vulnerability/GHSA-x4qr-2fvf-3mr5</url>
    </references>
    <dates>
      <discovery>2023-02-08</discovery>
      <entry>2023-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="a32ef450-9781-414b-a944-39f2f61677f2">
    <topic>py-cryptography -- allows programmers to misuse an API</topic>
    <affects>
      <package>
    <name>py37-cryptography</name>
    <name>py38-cryptography</name>
    <name>py39-cryptography</name>
    <name>py310-cryptography</name>
    <name>py311-cryptography</name>
    <range><ge>1.8</ge><lt>39.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>alex reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-w7pp-m8wf-vj6r">
      <p>Previously, `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers.</p>
      <p>This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python.</p>
      <p>This is a soundness bug -- it allows programmers to misuse an API, it cannot be exploited by attacker controlled data alone.</p>
      <p>This now correctly raises an exception.</p>
      <p>This issue has been present since `update_into` was originally introduced in cryptography 1.8.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-23931</cvename>
      <url>https://osv.dev/vulnerability/GHSA-w7pp-m8wf-vj6r</url>
    </references>
    <dates>
      <discovery>2023-02-07</discovery>
      <entry>2023-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="ae132c6c-d716-11ed-956f-7054d21a9e2a">
    <topic>py-tensorflow -- denial of service vulnerability</topic>
    <affects>
      <package>
    <name>py37-tensorflow</name>
    <name>py38-tensorflow</name>
    <name>py39-tensorflow</name>
    <name>py310-tensorflow</name>
    <name>py311-tensorflow</name>
    <range><lt>2.8.4</lt></range>
    <range><ge>2.9.0</ge><lt>2.9.3</lt></range>
    <range><ge>2.10.0</ge><lt>2.10.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Kang Hong Jin, Neophytos Christou, 刘力源 and Pattarakrit Rattankul report:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-cqvq-fvhr-v6hc">
      <p>Another instance of CVE-2022-35935, where `SobolSample` is vulnerable to a denial of service via assumed scalar inputs, was found and fixed.</p>
    </blockquote>
    <p>Pattarakrit Rattankul reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-xf83-q765-xm6m">
      <p>Another instance of CVE-2022-35991, where `TensorListScatter` and `TensorListScatterV2` crash via non scalar inputs in`element_shape`, was found in eager mode and fixed.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-35935</cvename>
      <url>https://osv.dev/vulnerability/GHSA-cqvq-fvhr-v6hc</url>
      <cvename>CVE-2022-35991</cvename>
      <url>https://osv.dev/vulnerability/GHSA-xf83-q765-xm6m</url>
    </references>
    <dates>
      <discovery>2022-11-21</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="52311651-f100-4720-8c62-0887dad6d321">
    <topic>py-tensorflow -- unchecked argument causing crash</topic>
    <affects>
      <package>
    <name>py37-tensorflow</name>
    <name>py38-tensorflow</name>
    <name>py39-tensorflow</name>
    <name>py310-tensorflow</name>
    <name>py311-tensorflow</name>
    <range><lt>2.7.2</lt></range>
    <range><ge>2.8.0</ge><lt>2.8.1</lt></range>
    <range><ge>2.9.0</ge><lt>2.9.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Jingyi Shi reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-mgmh-g2v6-mqw5">
      <p>The 'AvgPoolOp' function takes an argument `ksize` that must be positive but is not checked.</p>
      <p>A negative `ksize` can trigger a `CHECK` failure and crash the program.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-35941</cvename>
      <url>https://osv.dev/vulnerability/GHSA-mgmh-g2v6-mqw5</url>
    </references>
    <dates>
      <discovery>2022-09-16</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="951b513a-9f42-436d-888d-2162615d0fe4">
    <topic>py-pymatgen -- regular expression denial of service</topic>
    <affects>
      <package>
    <name>py37-pymatgen</name>
    <name>py38-pymatgen</name>
    <name>py39-pymatgen</name>
    <name>py310-pymatgen</name>
    <name>py311-pymatgen</name>
    <range><le>2022.9.21</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <blockquote cite="https://osv.dev/vulnerability/GHSA-5jqp-885w-xj32">
      <p>An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-42964</cvename>
      <url>https://osv.dev/vulnerability/GHSA-5jqp-885w-xj32</url>
    </references>
    <dates>
      <discovery>2022-11-10</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="e87a9326-dd35-49fc-b20b-f57cbebaae87">
    <topic>py-nicotine-plus -- Denial of service vulnerability</topic>
    <affects>
      <package>
    <name>py37-nicotine-plus</name>
    <name>py38-nicotine-plus</name>
    <name>py39-nicotine-plus</name>
    <name>py310-nicotine-plus</name>
    <name>py311-nicotine-plus</name>
    <range><lt>3.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>ztauras reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-p4v2-r99v-wjc2">
      <p>Denial of service (DoS) vulnerability in Nicotine+ starting with version 3.0.3 and prior to version 3.2.1 allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-45848</cvename>
      <url>https://osv.dev/vulnerability/GHSA-p4v2-r99v-wjc2</url>
    </references>
    <dates>
      <discovery>2022-03-16</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="93db4f92-9997-4f4f-8614-3963d9e2b0ec">
    <topic>py-slixmpp -- incomplete SSL certificate validation</topic>
    <affects>
      <package>
    <name>py37-slixmpp</name>
    <name>py38-slixmpp</name>
    <name>py39-slixmpp</name>
    <name>py310-slixmpp</name>
    <name>py311-slixmpp</name>
    <range><lt>1.8.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <blockquote cite="https://osv.dev/vulnerability/GHSA-q6cq-m9gm-6q2f">
      <p>Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-45197</cvename>
      <url>https://osv.dev/vulnerability/GHSA-q6cq-m9gm-6q2f</url>
    </references>
    <dates>
      <discovery>2022-12-25</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="b31f7029-817c-4c1f-b7d3-252de5283393">
    <topic>py-suds -- vulnerable to symlink attacks</topic>
    <affects>
      <package>
    <name>py37-suds</name>
    <name>py38-suds</name>
    <name>py39-suds</name>
    <name>py310-suds</name>
    <name>py311-suds</name>
    <range><lt>1.0.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>SUSE reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2013-32">
      <p>cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-2217</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2013-32</url>
    </references>
    <dates>
      <discovery>2013-09-23</discovery>
      <entry>2023-04-09</entry>
      <modified>2023-07-08</modified>
    </dates>
  </vuln>

  <vuln vid="b692a49c-9ae7-4958-af21-cbf8f5b819ea">
    <topic>py-impacket -- multiple path traversal vulnerabilities</topic>
    <affects>
      <package>
    <name>py37-impacket</name>
    <name>py38-impacket</name>
    <name>py39-impacket</name>
    <name>py310-impacket</name>
    <name>py311-impacket</name>
    <range><ge>0.9.10</ge><lt>0.9.23</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>asolino reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2021-17">
      <p>Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-31800</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2021-17</url>
      <url>https://osv.dev/vulnerability/GHSA-mj63-64x7-57xf</url>
    </references>
    <dates>
      <discovery>2021-05-05</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="326b2f3e-6fc7-4661-955d-a772760db9cf">
    <topic>py-tflite -- buffer overflow vulnerability</topic>
    <affects>
      <package>
    <name>py37-tflite</name>
    <name>py38-tflite</name>
    <name>py39-tflite</name>
    <name>py310-tflite</name>
    <name>py311-tflite</name>
    <range><lt>2.8.4</lt></range>
    <range><ge>2.9.0</ge><lt>2.9.3</lt></range>
    <range><ge>2.10.0</ge><lt>2.10.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Thibaut Goetghebuer-Planchon reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-h6q3-vv32-2cq5">
      <p>The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result.</p>
      <p>Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels &gt; output_num_channels.</p>
      <p>An attacker can craft a model with a specific number of input channels in a way similar to the attached example script.</p>
      <p>It is then possible to write specific values through the bias of the layer outside the bounds of the buffer.</p>
      <p>This attack only works if the reference kernel resolver is used in the interpreter (i.e. `experimental_op_resolver_type=tf.lite.experimental.OpResolverType.BUILTIN_REF` is used).</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41894</cvename>
      <url>https://osv.dev/vulnerability/GHSA-h6q3-vv32-2cq5</url>
    </references>
    <dates>
      <discovery>2022-11-21</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="d82bcd2b-5cd6-421c-8179-b3ff0231029f">
    <topic>py-tflite -- denial of service vulnerability</topic>
    <affects>
      <package>
    <name>py37-tflite</name>
    <name>py38-tflite</name>
    <name>py39-tflite</name>
    <name>py310-tflite</name>
    <name>py311-tflite</name>
    <range><lt>2.3.4</lt></range>
    <range><ge>2.4.0</ge><lt>2.4.3</lt></range>
    <range><ge>2.5.0</ge><lt>2.5.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Yakun Zhang of Baidu Security reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-wf5p-c75w-w3wh">
      <p>An attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-37689</cvename>
      <url>https://osv.dev/vulnerability/GHSA-wf5p-c75w-w3wh</url>
    </references>
    <dates>
      <discovery>2021-08-25</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="a0509648-65ce-4a1b-855e-520a75bd2549">
    <topic>py-cinder -- unauthorized data access</topic>
    <affects>
      <package>
    <name>py37-cinder</name>
    <name>py38-cinder</name>
    <name>py39-cinder</name>
    <name>py310-cinder</name>
    <name>py311-cinder</name>
    <range><lt>19.1.2</lt></range>
    <range><ge>20.0.0</ge><lt>20.0.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Utkarsh Gupta reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-7h75-hwxx-qpgc">
      <p>An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0.</p>
      <p>By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-47951</cvename>
      <url>https://osv.dev/vulnerability/GHSA-7h75-hwxx-qpgc</url>
    </references>
    <dates>
      <discovery>2023-01-27</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="f4a94232-7864-4afb-bbf9-ff2dc8e288d1">
    <topic>py-cinder -- data leak</topic>
    <affects>
      <package>
    <name>py37-cinder</name>
    <name>py38-cinder</name>
    <name>py39-cinder</name>
    <name>py310-cinder</name>
    <name>py311-cinder</name>
    <range><le>12.0.9</le></range>
    <range><ge>13.0.0</ge><le>13.0.9</le></range>
    <range><ge>14.0.0</ge><le>14.3.1</le></range>
    <range><ge>15.0.0</ge><le>15.6.0</le></range>
    <range><ge>16.0.0</ge><le>16.4.2</le></range>
    <range><ge>17.0.0</ge><le>17.4.0</le></range>
    <range><ge>18.0.0</ge><le>18.2.1</le></range>
    <range><ge>19.0.0</ge><le>19.2.0</le></range>
    <range><ge>20.0.0</ge><le>20.1.0</le></range>
    <range><ge>21.0.0</ge><le>21.1.0</le></range>
    <range><ge>22.0.0</ge><le>22.0.0.0rc2</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Duncan Thomas reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-qhch-g8qr-p497">
      <p>The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3641</cvename>
      <url>https://osv.dev/vulnerability/GHSA-qhch-g8qr-p497</url>
    </references>
    <dates>
      <discovery>2022-05-17</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="02e51cb3-d7e4-11ed-9f7a-5404a68ad561">
    <topic>traefik -- Use of vulnerable Go modules net/http, net/textproto</topic>
    <affects>
      <package>
	<name>traefik</name>
	<range><lt>2.9.9_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://pkg.go.dev/vuln/GO-2023-1704">
	  <p>HTTP and MIME header parsing can allocate large amounts
	     of memory, even when parsing small inputs, potentially
	     leading to a denial of service. Certain unusual patterns
	     of input data can cause the common function used to parse
	     HTTP and MIME headers to allocate substantially more
	     memory than required to hold the parsed headers. An
	     attacker can exploit this behavior to cause an HTTP
	     server to allocate large amounts of memory from a small
	     request, potentially leading to memory exhaustion and a
	     denial of service. With fix, header parsing now correctly
	     allocates only the memory required to hold parsed headers.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-24534</cvename>
      <url>https://www.cve.org/CVERecord?id=CVE-2023-24534</url>
      <cvename>CVE-2023-29013</cvename>
      <url>https://www.cve.org/CVERecord?id=CVE-2023-29013</url>
    </references>
    <dates>
      <discovery>2023-03-10</discovery>
      <entry>2023-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="f767d615-01db-47e9-b4ab-07bb8d3409fd">
    <topic>py39-cinder -- insecure-credentials flaw</topic>
    <affects>
      <package>
    <name>py39-cinder</name>
    <range><lt>14.1.0</lt></range>
    <range><ge>15.0.0</ge><lt>15.2.0</lt></range>
    <range><ge>16.0.0</ge><lt>15.1.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>OpenStack project reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2020-228">
      <p>An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0.</p>
      <p>When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element.</p>
      <p>This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume.</p>
      <p>Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-10755</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2020-228</url>
    </references>
    <dates>
      <discovery>2020-06-10</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="e5d117b3-2153-4129-81ed-42b0221afa78">
    <topic>py39-OWSLib -- arbitrary file read vulnerability</topic>
    <affects>
      <package>
    <name>py39-OWSLib</name>
    <range><lt>0.28.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Jorge Rosillo reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-8h9c-r582-mggc">
      <p>OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution for `lxml`, and could lead to arbitrary file reads from an attacker-controlled XML payload.</p>
      <p>This affects all XML parsing in the codebase.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-27476</cvename>
      <url>https://osv.dev/vulnerability/GHSA-8h9c-r582-mggc</url>
    </references>
    <dates>
      <discovery>2023-03-07</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="17083017-d993-43eb-8aaf-7138f4486d1c">
    <topic>py39-unicorn -- sandbox escape and arbitrary code execution vulnerability</topic>
    <affects>
      <package>
    <name>py39-unicorn</name>
    <range><lt>2.0.0rc1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>jwang-a reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2021-868">
      <p>An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5.</p>
      <p>It allows local attackers to escape the sandbox.</p>
      <p>An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability.</p>
      <p>The specific flaw exists within the virtual memory manager.</p>
      <p>The issue results from the faulty comparison of GVA and GPA while calling uc_mem_map_ptr to free part of a claimed memory block.</p>
      <p>An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44078</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2021-868</url>
    </references>
    <dates>
      <discovery>2021-12-26</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="43e9ffd4-d6e0-11ed-956f-7054d21a9e2a">
    <topic>py39-pycares -- domain hijacking vulnerability</topic>
    <affects>
      <package>
    <name>py39-pycares</name>
    <range><lt>4.2.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Philipp Jeitner and Haya Shulman report:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-c58j-88f5-h53f">
      <p>A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking.</p>
      <p>The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3672</cvename>
      <url>https://osv.dev/vulnerability/GHSA-c58j-88f5-h53f</url>
    </references>
    <dates>
      <discovery>2021-06-11</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="1b38aec4-4149-4c7d-851c-3c4de3a1fbd0">
    <topic>py39-setuptools -- denial of service vulnerability</topic>
    <affects>
      <package>
    <name>py39-setuptools</name>
    <range><lt>44.1.1_1</lt></range>
    <range><ge>57.0.0</ge><lt>58.5.3_3</lt></range>
    <range><ge>62.1.0</ge><lt>63.1.0_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>SCH227 reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579">
      <p>Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects.</p>
      <p>Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`.</p>
      <p>This has been patched in version 65.5.1. The patch backported to the revision 63.1.0_1.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-40897</cvename>
      <url>https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579</url>
    </references>
    <dates>
      <discovery>2022-12-23</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="187ab98e-2953-4495-b379-4060bd4b75ee">
    <topic>py27-setuptools44 -- denial of service vulnerability</topic>
    <affects>
      <package>
    <name>py27-setuptools44</name>
    <range><lt>44.1.1_1</lt></range>
    <range><ge>57.0.0</ge><lt>58.5.3_3</lt></range>
    <range><ge>62.1.0</ge><lt>63.1.0_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>SCH227 reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579">
      <p>Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects.</p>
      <p>Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`.</p>
      <p>This has been patched in version 65.5.1. The patch backported to the revision 44.1.1_1.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-40897</cvename>
      <url>https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579</url>
    </references>
    <dates>
      <discovery>2022-12-23</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="24da150a-33e0-4fee-b4ee-2c6b377d3395">
    <topic>py39-setuptools58 -- denial of service vulnerability</topic>
    <affects>
      <package>
    <name>py39-setuptools58</name>
    <range><lt>44.1.1_1</lt></range>
    <range><ge>57.0.0</ge><lt>58.5.3_3</lt></range>
    <range><ge>62.1.0</ge><lt>63.1.0_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>SCH227 reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579">
      <p>Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects.</p>
      <p>Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in `package_index`.</p>
      <p>This has been patched in version 65.5.1. The patch backported to the revision 58.5.3_3.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-40897</cvename>
      <url>https://osv.dev/vulnerability/GHSA-r9hx-vwmv-q579</url>
    </references>
    <dates>
      <discovery>2022-12-23</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="15dae5cc-9ee6-4577-a93e-2ab57780e707">
    <topic>py39-sentry-sdk -- sensitive cookies leak</topic>
    <affects>
      <package>
    <name>py39-sentry-sdk</name>
    <range><lt>1.14.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Tom Wolters reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-29pr-6jr8-q5jm">
      <p>When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry.</p>
      <p>These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28117</cvename>
      <url>https://osv.dev/vulnerability/GHSA-29pr-6jr8-q5jm</url>
    </references>
    <dates>
      <discovery>2023-03-21</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="28a37df6-ba1a-4eed-bb64-623fc8e8dfd0">
    <topic>py39-py -- Regular expression Denial of Service vulnerability</topic>
    <affects>
      <package>
    <name>py39-py</name>
    <range><le>1.11.0</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>SCH227 reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2022-42969">
      <p>The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-42969</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2022-42969</url>
      <url>https://osv.dev/vulnerability/GHSA-w596-4wvx-j9j6</url>
    </references>
    <dates>
      <discovery>2022-11-04</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="845f8430-d0ee-4134-ae35-480a3e139b8a">
    <topic>py39-joblib -- arbitrary code execution</topic>
    <affects>
      <package>
    <name>py39-joblib</name>
    <range><lt>1.2.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>jimlinntu reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2022-288">
      <p>The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-21797</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2022-288</url>
      <url>https://osv.dev/vulnerability/GHSA-6hrg-qmvc-2xh8</url>
    </references>
    <dates>
      <discovery>2022-09-26</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="de970aef-d60e-466b-8e30-1ae945a047f1">
    <topic>py39-configobj -- vulnerable to Regular Expression Denial of Service</topic>
    <affects>
      <package>
    <name>py39-configobj</name>
    <range><le>5.0.6_1</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>DarkTinia reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-c33w-24p9-8m24">
      <p>All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\).</p>
      <p>**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-26112</cvename>
      <url>https://osv.dev/vulnerability/GHSA-c33w-24p9-8m24</url>
    </references>
    <dates>
      <discovery>2023-04-03</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="0a38a0d9-757f-4ac3-9561-b439e933dfa9">
    <topic>py39-celery -- command injection vulnerability</topic>
    <affects>
      <package>
    <name>py39-celery</name>
    <range><lt>5.2.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Snyk reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2021-858">
      <p>This affects the package celery before 5.2.2.</p>
      <p>It by default trusts the messages and metadata stored in backends (result stores).</p>
      <p>When reading task metadata from the backend, the data is deserialized.</p>
      <p>Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-23727</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2021-858</url>
      <url>https://osv.dev/vulnerability/GHSA-q4xr-rc97-m4xx</url>
    </references>
    <dates>
      <discovery>2021-12-09</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="8aa6340d-e7c6-41e0-b2a3-3c9e9930312a">
    <topic>py39-redis -- can send response data to the client of an unrelated request</topic>
    <affects>
      <package>
    <name>py39-redis</name>
    <range><ge>4.4.0</ge><lt>4.4.4</lt></range>
    <range><ge>4.5.0</ge><lt>4.5.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>drago-balto reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-8fww-64cx-x8p5">
      <p>redis-py through 4.5.3 and 4.4.3 leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a non-pipeline operation), and can send response data to the client of an unrelated request.</p>
      <p>NOTE: this issue exists because of an incomplete fix for CVE-2023-28858.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28859</cvename>
      <url>https://osv.dev/vulnerability/GHSA-8fww-64cx-x8p5</url>
    </references>
    <dates>
      <discovery>2023-03-26</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="3f6d6181-79b2-4d33-bb1e-5d3f9df0c1d1">
    <topic>py39-redis -- can send response data to the client of an unrelated request</topic>
    <affects>
      <package>
    <name>py39-redis</name>
    <range><lt>4.3.6</lt></range>
    <range><ge>4.4.0</ge><lt>4.4.3</lt></range>
    <range><ge>4.5.0</ge><lt>4.5.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>drago-balto reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/GHSA-24wv-mv5m-xv4h">
      <p>redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a pipeline operation), and can send response data to the client of an unrelated request in an off-by-one manner.</p>
      <p>The fixed versions for this CVE Record are 4.3.6, 4.4.3, and 4.5.3, but [are believed to be incomplete](https://github.com/redis/redis-py/issues/2665).</p>
      <p>CVE-2023-28859 has been assigned the issues caused by the incomplete fixes.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28858</cvename>
      <url>https://osv.dev/vulnerability/GHSA-24wv-mv5m-xv4h</url>
    </references>
    <dates>
      <discovery>2023-03-26</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="d2293e22-4390-42c2-a323-34cca2066000">
    <topic>py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities</topic>
    <affects>
      <package>
    <name>py39-sqlalchemy12</name>
    <range><lt>1.3.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>21k reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-123">
      <p>SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.</p>
    </blockquote>
    <p>nosecurity reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-124">
      <p>SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-7548</cvename>
      <cvename>CVE-2019-7164</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2019-123</url>
      <url>https://osv.dev/vulnerability/PYSEC-2019-124</url>
      <url>https://osv.dev/vulnerability/GHSA-38fc-9xqv-7f7q</url>
      <url>https://osv.dev/vulnerability/GHSA-887w-45rq-vxgf</url>
    </references>
    <dates>
      <discovery>2019-02-06</discovery>
      <entry>2023-04-09</entry>
    </dates>
  </vuln>

  <vuln vid="8ccff771-ceca-43a0-85ad-3e595e73b425">
    <topic>py39-sqlalchemy11 -- multiple SQL Injection vulnerabilities</topic>
    <affects>
      <package>
    <name>py39-sqlalchemy11</name>
    <range><lt>1.3.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>21k reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-123">
      <p>SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.</p>
    </blockquote>
    <p>nosecurity reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-124">
      <p>SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-7164</cvename>
      <cvename>CVE-2019-7548</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2019-123</url>
      <url>https://osv.dev/vulnerability/PYSEC-2019-124</url>
      <url>https://osv.dev/vulnerability/GHSA-38fc-9xqv-7f7q</url>
      <url>https://osv.dev/vulnerability/GHSA-887w-45rq-vxgf</url>
    </references>
    <dates>
      <discovery>2019-02-06</discovery>
      <entry>2023-04-09</entry>
    </dates>
   </vuln>

  <vuln vid="e4181981-ccf1-11ed-956f-7054d21a9e2a">
    <topic>py39-sqlalchemy10 -- multiple SQL Injection vulnerabilities</topic>
    <affects>
      <package>
    <name>py39-sqlalchemy10</name>
    <range><lt>1.3.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>21k reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-123">
      <p>SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.</p>
    </blockquote>
    <p>nosecurity reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-124">
      <p>SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-7164</cvename>
      <cvename>CVE-2019-7548</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2019-123</url>
      <url>https://osv.dev/vulnerability/PYSEC-2019-124</url>
      <url>https://osv.dev/vulnerability/GHSA-887w-45rq-vxgf</url>
      <url>https://osv.dev/vulnerability/GHSA-38fc-9xqv-7f7q</url>
    </references>
    <dates>
      <discovery>2019-02-06</discovery>
      <entry>2023-03-28</entry>
    </dates>
  </vuln>

  <vuln vid="c13a8c17-cbeb-11ed-956f-7054d21a9e2a">
    <topic>py39-lmdb -- multiple vulnerabilities</topic>
    <affects>
      <package>
    <name>py39-lmdb</name>
    <range><lt>0.98</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>TeamSeri0us reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-236">
      <p>An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.</p>
    </blockquote>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-237">
      <p>An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.</p>
    </blockquote>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-238">
      <p>An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.</p>
    </blockquote>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-239">
      <p>An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.</p>
    </blockquote>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2019-240">
      <p>An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-16224</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2019-236</url>
      <cvename>CVE-2019-16225</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2019-237</url>
      <cvename>CVE-2019-16226</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2019-238</url>
      <cvename>CVE-2019-16227</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2019-239</url>
      <cvename>CVE-2019-16228</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2019-240</url>
    </references>
    <dates>
      <discovery>2019-09-11</discovery>
      <entry>2023-03-26</entry>
    </dates>
  </vuln>

  <vuln vid="2991178f-cbe8-11ed-956f-7054d21a9e2a">
    <topic>py39-Elixir -- weak use of cryptography</topic>
    <affects>
      <package>
    <name>py39-Elixir</name>
    <range><le>0.8.0</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>Red Hat Security Response Team reports:</p>
    <blockquote cite="https://osv.dev/vulnerability/PYSEC-2012-13">
      <p>Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2012-2146</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2012-13</url>
    </references>
    <dates>
      <discovery>2012-08-26</discovery>
      <entry>2023-03-26</entry>
    </dates>
  </vuln>

  <vuln vid="70d0d2ec-cb62-11ed-956f-7054d21a9e2a">
    <topic>py39-rencode -- infinite loop that could lead to Denial of Service</topic>
    <affects>
      <package>
    <name>py39-rencode</name>
    <range><le>1.0.6_1</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
    <p>NIST reports:</p>
    <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-40839">
      <p>The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.</p>
    </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-40839</cvename>
      <url>https://osv.dev/vulnerability/PYSEC-2021-345</url>
      <url>https://osv.dev/vulnerability/GHSA-gh8j-2pgf-x458</url>
    </references>
    <dates>
      <discovery>2021-09-09</discovery>
      <entry>2023-03-25</entry>
      <modified>2023-03-26</modified>
    </dates>
  </vuln>

  <vuln vid="3d5581ff-d388-11ed-8581-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>112.0.5615.49</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>112.0.5615.49</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html">
	 <p>This update includes 16 security fixes:</p>
	 <ul>
	   <li>[1414018] High CVE-2023-1810: Heap buffer overflow in Visuals. Reported by Weipeng Jiang (@Krace) of VRI on 2023-02-08</li>
	   <li>[1420510] High CVE-2023-1811: Use after free in Frames. Reported by Thomas Orlita on 2023-03-01</li>
	   <li>[1418224] Medium CVE-2023-1812: Out of bounds memory access in DOM Bindings. Reported by Shijiang Yu on 2023-02-22</li>
	   <li>[1423258] Medium CVE-2023-1813: Inappropriate implementation in Extensions. Reported by Axel Chong on 2023-03-10</li>
	   <li>[1417325] Medium CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2023-02-18</li>
	   <li>[1278708] Medium CVE-2023-1815: Use after free in Networking APIs. Reported by DDV_UA on 2021-12-10</li>
	   <li>[1413919] Medium CVE-2023-1816: Incorrect security UI in Picture In Picture. Reported by NDevTK on 2023-02-08</li>
	   <li>[1418061] Medium CVE-2023-1817: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2023-02-22</li>
	   <li>[1223346] Medium CVE-2023-1818: Use after free in Vulkan. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research, Eric Lawrence, Microsoft, Patrick Walker (@HomeSen), and Kirtikumar Anandrao Ramchandani on 2021-06-24</li>
	   <li>[1406588] Medium CVE-2023-1819: Out of bounds read in Accessibility. Reported by Microsoft Edge Team on 2023-01-12</li>
	   <li>[1408120] Medium CVE-2023-1820: Heap buffer overflow in Browser History. Reported by raven at KunLun lab on 2023-01-17</li>
	   <li>[1413618] Low CVE-2023-1821: Inappropriate implementation in WebShare. Reported by Axel Chong on 2023-02-07</li>
	   <li>[1066555] Low CVE-2023-1822: Incorrect security UI in Navigation. Reported by 강우진 on 2020-04-01</li>
	   <li>[1406900] Low CVE-2023-1823: Inappropriate implementation in FedCM. Reported by Jasper Rebane (popstonia) on 2023-01-13</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-1810</cvename>
      <cvename>CVE-2023-1811</cvename>
      <cvename>CVE-2023-1812</cvename>
      <cvename>CVE-2023-1813</cvename>
      <cvename>CVE-2023-1814</cvename>
      <cvename>CVE-2023-1815</cvename>
      <cvename>CVE-2023-1816</cvename>
      <cvename>CVE-2023-1817</cvename>
      <cvename>CVE-2023-1818</cvename>
      <cvename>CVE-2023-1819</cvename>
      <cvename>CVE-2023-1820</cvename>
      <cvename>CVE-2023-1821</cvename>
      <cvename>CVE-2023-1822</cvename>
      <cvename>CVE-2023-1823</cvename>
      <url>https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-04-05</discovery>
      <entry>2023-04-05</entry>
    </dates>
  </vuln>

  <vuln vid="348ee234-d541-11ed-ad86-a134a566f1e6">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go119</name>
	<range><lt>1.19.8</lt></range>
      </package>
      <package>
	<name>go120</name>
	<range><lt>1.20.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/59180">
	  <p>go/parser: infinite loop in parsing</p>
	  <p>Calling any of the Parse functions on Go source code
	    which contains //line directives with very large line
	    numbers can cause an infinite loop due to integer
	    overflow.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/59234">
	  <p>html/template: backticks not treated as string delimiters</p>
	  <p>Templates did not properly consider backticks (`) as
	    Javascript string delimiters, and as such did not escape
	    them as expected. Backticks are used, since ES6, for JS
	    template literals. If a template contained a Go template
	    action within a Javascript template literal, the contents
	    of the action could be used to terminate the literal,
	    injecting arbitrary Javascript code into the Go template.
	    As ES6 template literals are rather complex, and
	    themselves can do string interpolation, we've decided
	    to simply disallow Go template actions from being used
	    inside of them (e.g. "var a = {{.}}"), since there is no
	    obviously safe way to allow this behavior. This takes the
	    same approach as github.com/google/safehtml.
	    Template.Parse will now return an Error when it encounters
	    templates like this, with a currently unexported ErrorCode
	    with a value of 12. This ErrorCode will be exported in the
	    next major release.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/58975">
	  <p>net/http, net/textproto: denial of service from excessive
	    memory allocation</p>
	  <p>HTTP and MIME header parsing could allocate large
	    amounts of memory, even when parsing small inputs.
	    Certain unusual patterns of input data could cause the
	    common function used to parse HTTP and MIME headers to
	    allocate substantially more memory than required to hold
	    the parsed headers. An attacker can exploit this
	    behavior to cause an HTTP server to allocate large
	    amounts of memory from a small request, potentially
	    leading to memory exhaustion and a denial of service.
	    Header parsing now correctly allocates only the memory
	    required to hold parsed headers.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/59153">
	  <p>net/http, net/textproto, mime/multipart: denial of service
	    from excessive resource consumption</p>
	  <p>Multipart form parsing can consume large amounts of CPU
	    and memory when processing form inputs containing very
	    large numbers of parts. This stems from several causes:
	    mime/multipart.Reader.ReadForm limits the total memory a
	    parsed multipart form can consume. ReadForm could
	    undercount the amount of memory consumed, leading it to
	    accept larger inputs than intended. Limiting total
	    memory does not account for increased pressure on the
	    garbage collector from large numbers of small
	    allocations in forms with many parts. ReadForm could
	    allocate a large number of short-lived buffers, further
	    increasing pressure on the garbage collector. The
	    combination of these factors can permit an attacker to
	    cause an program that parses multipart forms to consume
	    large amounts of CPU and memory, potentially resulting
	    in a denial of service. This affects programs that use
	    mime/multipart.Reader.ReadForm, as well as form parsing
	    in the net/http package with the Request methods
	    FormFile, FormValue, ParseMultipartForm, and
	    PostFormValue. ReadForm now does a better job of
	    estimating the memory consumption of parsed forms, and
	    performs many fewer short-lived allocations. In
	    addition, mime/multipart.Reader now imposes the
	    following limits on the size of parsed forms: Forms
	    parsed with ReadForm may contain no more than 1000
	    parts. This limit may be adjusted with the environment
	    variable GODEBUG=multipartmaxparts=. Form parts parsed
	    with NextPart and NextRawPart may contain no more than
	    10,000 header fields. In addition, forms parsed with
	    ReadForm may contain no more than 10,000 header fields
	    across all parts. This limit may be adjusted with the
	    environment variable GODEBUG=multipartmaxheaders=.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-24537</cvename>
      <cvename>CVE-2023-24538</cvename>
      <cvename>CVE-2023-24534</cvename>
      <cvename>CVE-2023-24536</cvename>
      <url>https://groups.google.com/g/golang-dev/c/P-sOFU28bj0/m/QE_cqf22AgAJ</url>
    </references>
    <dates>
      <discovery>2023-04-04</discovery>
      <entry>2023-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="e86b8e4d-d551-11ed-8d1e-005056a311d1">
    <topic>samba -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>samba416</name>
	<range><lt>4.16.10</lt></range>
      </package>
      <package>
	<name>samba417</name>
	<range><lt>4.17.7</lt></range>
      </package>
      <package>
	<name>samba418</name>
	<range><lt>4.18.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Samba Team reports:</p>
	<blockquote cite="https://www.samba.org/samba/security/CVE-2023-0225.html">
	  <p>An incomplete access check on dnsHostName allows
	  authenticated but otherwise unprivileged users to
	  delete this attribute from any object in the directory.</p>
	</blockquote>
	<blockquote cite="https://www.samba.org/samba/security/CVE-2023-0922.html">
	  <p>The Samba AD DC administration tool, when operating
	  against a remote LDAP server, will by default send
	  new or reset passwords over a signed-only connection. </p>
	</blockquote>
	<blockquote cite="https://www.samba.org/samba/security/CVE-2023-0614.html">
	  <p>The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for
	  CVE-2018-10919 Confidential attribute disclosure via
	  LDAP filters was insufficient and an attacker may be
	  able to obtain confidential BitLocker recovery keys
	  from a Samba AD DC.</p>
	  <p>Installations with such secrets in their Samba AD
	  should assume they have been obtained and need replacing.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0225</cvename>
      <url>https://www.samba.org/samba/security/CVE-2023-0225.html</url>
      <cvename>CVE-2023-0922</cvename>
      <url>https://www.samba.org/samba/security/CVE-2023-0922.html</url>
      <cvename>CVE-2023-0614</cvename>
      <url>https://www.samba.org/samba/security/CVE-2023-0614.html</url>
    </references>
    <dates>
      <discovery>2023-03-29</discovery>
      <entry>2023-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="faf7c1d0-f5bb-47b4-a6a8-ef57317b9766">
    <topic>ffmpeg -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>ffmpeg</name>
	<range><ge>5.1,1</ge><lt>5.1.3,1</lt></range>
	<range><ge>5.0,1</ge><lt>5.0.3,1</lt></range>
	<range><lt>4.4.4,1</lt></range>
      </package>
      <package>
	<name>ffmpeg4</name>
	<range><lt>4.4.4</lt></range>
      </package>
      <package>
	<name>avidemux</name>
	<!-- avidemux-2.8.1 has ffmpeg-4.4.2 -->
	<range><le>2.9</le></range>
      </package>
      <package>
	<name>emby-server</name>
	<name>emby-server-devel</name>
	<!-- emby-server-4.7.11.0 has ffmpeg 5.0 fork -->
	<!-- emby-server-devel-4.8.0.29 has old ffmpeg unlike upstream -->
	<range><ge>0</ge></range>
      </package>
      <package>
	<name>handbrake</name>
	<!-- handbrake-1.5.1 has ffmpeg-4.4.1 -->
	<range><lt>1.6.0</lt></range>
      </package>
      <package>
	<name>mythtv</name>
	<name>mythtv-frontend</name>
	<!-- mythtv-32.0.60 has ffmpeg-4.4.1 fork -->
	<range><le>33.0,1</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NVD reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2022-3109">
	  <p>An issue was discovered in the FFmpeg package, where
	  vp3_decode_frame in libavcodec/vp3.c lacks check of the
	  return value of av_malloc() and will cause a null pointer
	  dereference, impacting availability.</p>
	</blockquote>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2022-3341">
	  <p>A null pointer dereference issue was discovered in
	  'FFmpeg' in decode_main_header() function of
	  libavformat/nutdec.c file. The flaw occurs because the
	  function lacks check of the return value of
	  avformat_new_stream() and triggers the null pointer
	  dereference error, causing an application to crash.</p>
	</blockquote>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2022-3964">
	  <p>A vulnerability classified as problematic has been found
	  in ffmpeg. This affects an unknown part of the file
	  libavcodec/rpzaenc.c of the component QuickTime RPZA Video
	  Encoder. The manipulation of the argument y_size leads to
	  out-of-bounds read. It is possible to initiate the attack
	  remotely. The name of the patch is
	  92f9b28ed84a77138105475beba16c146bdaf984. It is recommended
	  to apply a patch to fix this issue. The associated
	  identifier of this vulnerability is VDB-213543.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3109</cvename>
      <cvename>CVE-2022-3341</cvename>
      <cvename>CVE-2022-3964</cvename>
      <url>https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/2cdddcd6ec90c7a248ffe792d85faa4d89eab9f7</url>
      <url>https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/481e81be1271ac9a0124ee615700390c2371bd89</url>
      <url>https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/1eb002596e3761d88de4aeea3158692b82fb6307</url>
      <url>https://ffmpeg.org/security.html</url>
    </references>
    <dates>
      <discovery>2022-11-12</discovery>
      <entry>2023-04-07</entry>
      <modified>2023-04-10</modified>
    </dates>
  </vuln>

  <vuln vid="466ba8bd-d033-11ed-addf-080027eda32c">
    <topic>mediawiki -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mediawiki135</name>
	<range><lt>1.35.10</lt></range>
      </package>
    <package>
	<name>mediawiki138</name>
	<range><lt>1.38.6</lt></range>
      </package>
      <package>
	<name>mediawiki139</name>
	<range><lt>1.39.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mediawikwi reports:</p>
	<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/">
	  <p>(T285159, CVE-2023-PENDING) SECURITY: X-Forwarded-For header allows
	    brute-forcing autoblocked IP addresses.</p>
	  <p>(T326946, CVE-2020-36649) SECURITY: Bundled PapaParse copy in
	    VisualEditor has known ReDos.</p>
	  <p>(T330086, CVE-2023-PENDING) SECURITY: OATHAuth allows replay attacks when
	    MediaWiki is configured without ObjectCache; Insecure Default Configuration.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-36649</cvename>
      <url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/</url>
    </references>
    <dates>
      <discovery>2020-04-02</discovery>
      <entry>2023-04-01</entry>
    </dates>
  </vuln>

  <vuln vid="54006796-cf7b-11ed-a5d5-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.10.0</ge><lt>15.10.1</lt></range>
	<range><ge>15.9.0</ge><lt>15.9.4</lt></range>
	<range><ge>8.1</ge><lt>15.8.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/03/30/security-release-gitlab-15-10-1-released/">
	  <p>Cross-site scripting in "Maximum page reached" page</p>
	  <p>Private project guests can read new changes using a fork</p>
	  <p>Mirror repository error reveals password in Settings UI</p>
	  <p>DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint</p>
	  <p>Unauthenticated users can view Environment names from public projects limited to project members only</p>
	  <p>Copying information to the clipboard could lead to the execution of unexpected commands</p>
	  <p>Maintainer can leak masked webhook secrets by adding a new parameter to the webhook URL</p>
	  <p>Arbitrary HTML injection possible when :soft_email_confirmation feature flag is enabled in the latest release</p>
	  <p>Framing of arbitrary content (leading to open redirects) on any page allowing user controlled markdown</p>
	  <p>MR for security reports are available to everyone</p>
	  <p>API timeout when searching for group issues</p>
	  <p>Unauthorised user can add child epics linked to victim's epic in an unrelated group</p>
	  <p>GitLab search allows to leak internal notes</p>
	  <p>Ambiguous branch name exploitation in GitLab</p>
	  <p>Improper permissions checks for moving an issue</p>
	  <p>Private project branches names can be leaked through a fork</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3513</cvename>
      <cvename>CVE-2023-0485</cvename>
      <cvename>CVE-2023-1098</cvename>
      <cvename>CVE-2023-1733</cvename>
      <cvename>CVE-2023-0319</cvename>
      <cvename>CVE-2023-1708</cvename>
      <cvename>CVE-2023-0838</cvename>
      <cvename>CVE-2023-0523</cvename>
      <cvename>CVE-2023-0155</cvename>
      <cvename>CVE-2023-1167</cvename>
      <cvename>CVE-2023-1417</cvename>
      <cvename>CVE-2023-1710</cvename>
      <cvename>CVE-2023-0450</cvename>
      <cvename>CVE-2023-1071</cvename>
      <cvename>CVE-2022-3375</cvename>
      <url>https://about.gitlab.com/releases/2023/03/30/security-release-gitlab-15-10-1-released/</url>
    </references>
    <dates>
      <discovery>2023-03-30</discovery>
      <entry>2023-03-31</entry>
    </dates>
  </vuln>

  <vuln vid="6bd2773c-cf1a-11ed-bd44-080027f5fec9">
    <topic>rubygem-time -- ReDoS vulnerability</topic>
    <affects>
      <package>
	<name>ruby</name>
	<range><ge>2.7.0,1</ge><lt>2.7.8,1</lt></range>
	<range><ge>3.0.0,1</ge><lt>3.0.6,1</lt></range>
	<range><ge>3.1.0,1</ge><lt>3.1.4,1</lt></range>
	<range><ge>3.2.0.p1,1</ge><lt>3.2.2,1</lt></range>
      </package>
      <package>
	<name>ruby27</name>
	<range><ge>2.7.0,1</ge><lt>2.7.8,1</lt></range>
      </package>
      <package>
	<name>ruby30</name>
	<range><ge>3.0.0,1</ge><lt>3.0.6,1</lt></range>
      </package>
      <package>
	<name>ruby31</name>
	<range><ge>3.1.0,1</ge><lt>3.1.4,1</lt></range>
      </package>
      <package>
	<name>ruby32</name>
	<range><ge>3.2.0.p1,1</ge><lt>3.2.2,1</lt></range>
      </package>
      <package>
	<name>rubygem-time</name>
	<range><lt>0.2.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ooooooo_q reports:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/">
	  <p>
	    The Time parser mishandles invalid strings that have
	    specific characters. It causes an increase in execution
	    time for parsing strings to Time objects.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28756</cvename>
      <url>https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/</url>
    </references>
    <dates>
      <discovery>2023-03-30</discovery>
      <entry>2023-03-30</entry>
    </dates>
  </vuln>

  <vuln vid="9b60bba1-cf18-11ed-bd44-080027f5fec9">
    <topic>rubygem-uri -- ReDoS vulnerability</topic>
    <affects>
      <package>
	<name>ruby</name>
	<range><ge>2.7.0,1</ge><lt>2.7.8,1</lt></range>
	<range><ge>3.0.0,1</ge><lt>3.0.6,1</lt></range>
	<range><ge>3.1.0,1</ge><lt>3.1.4,1</lt></range>
	<range><ge>3.2.0.p1,1</ge><lt>3.2.2,1</lt></range>
      </package>
      <package>
	<name>ruby27</name>
	<range><ge>2.7.0,1</ge><lt>2.7.8,1</lt></range>
      </package>
      <package>
	<name>ruby30</name>
	<range><ge>3.0.0,1</ge><lt>3.0.6,1</lt></range>
      </package>
      <package>
	<name>ruby31</name>
	<range><ge>3.1.0,1</ge><lt>3.1.4,1</lt></range>
      </package>
      <package>
	<name>ruby32</name>
	<range><ge>3.2.0.p1,1</ge><lt>3.2.2,1</lt></range>
      </package>
      <package>
	<name>rubygem-uri</name>
	<range><lt>0.12.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dominic Couture reports:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/">
	  <p>
	    A ReDoS issue was discovered in the URI component. The URI
	    parser mishandles invalid URLs that have specific
	    characters. It causes an increase in execution time for
	    parsing strings to URI objects.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28755</cvename>
      <url>https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/</url>
    </references>
    <dates>
      <discovery>2023-03-28</discovery>
      <entry>2023-03-30</entry>
    </dates>
  </vuln>

  <vuln vid="dc33795f-ced7-11ed-b1fe-6805ca2fa271">
    <topic>powerdns-recursor -- denial of service</topic>
    <affects>
      <package>
	<name>powerdns-recursor</name>
	<range><lt>4.8.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PowerDNS Team reports:</p>
	<blockquote cite="https://blog.powerdns.com/2023/03/29/security-advisory-2023-02-for-powerdns-recursor-up-to-and-including-4-6-5-4-7-4-and-4-8-3/">
	  <p>PowerDNS Security Advisory 2023-02: Deterred spoofing attempts
	    can lead to authoritative servers being marked unavailable</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-26437</cvename>
      <url>https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html</url>
    </references>
    <dates>
      <discovery>2023-03-29</discovery>
      <entry>2023-03-30</entry>
    </dates>
  </vuln>

  <vuln vid="96d84238-b500-490b-b6aa-2b77090a0410">
    <topic>xorg-server -- Overlay Window Use-After-Free</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<name>xephyr</name>
	<name>xorg-vfbserver</name>
	<range><lt>21.1.8,1</lt></range>
      </package>
      <package>
	<name>xorg-nestserver</name>
	<range><lt>21.1.8,2</lt></range>
      </package>
      <package>
	<name>xwayland</name>
	<range><ge>23.0.0,1</ge><lt>23.1.1,1</lt></range>
	<range><lt>22.1.9,1</lt></range>
      </package>
      <package>
	<name>xwayland-devel</name>
	<range><lt>21.0.99.1.439</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.Org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2023-March/003374.html">
	  <ul>
	    <li>ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free
	    Local Privilege Escalation Vulnerability

	    <p>If a client explicitly destroys the compositor overlay window (aka COW),
	    the Xserver would leave a dangling pointer to that window in the CompScreen
	    structure, which will trigger a use-after-free later.</p></li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.x.org/archives/xorg-announce/2023-March/003374.html</url>
      <cvename>CVE-2023-1393</cvename>
    </references>
    <dates>
      <discovery>2023-03-29</discovery>
      <entry>2023-03-29</entry>
    </dates>
  </vuln>

  <vuln vid="425b9538-ce5f-11ed-ade3-d4c9ef517024">
    <topic>OpenSSL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1t,1_2</lt></range>
      </package>
      <package>
	<name>openssl30</name>
	<range><lt>3.0.8_2</lt></range>
      </package>
      <package>
	<name>openssl31</name>
	<range><lt>3.1.0_2</lt></range>
      </package>
      <package>
	<name>openssl-quic</name>
	<range><lt>3.0.8_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20230328.txt">
	  <p>Severity: low</p>
	  <p>Applications that use a non-default option when verifying certificates may be
	    vulnerable to an attack from a malicious CA to circumvent certain checks.</p>
	  <p>The function X509_VERIFY_PARAM_add0_policy() is documented to
	    implicitly enable the certificate policy check when doing certificate
	    verification. However the implementation of the function does not
	    enable the check which allows certificates with invalid or incorrect
	    policies to pass the certificate verification.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0465</cvename>
      <cvename>CVE-2023-0466</cvename>
      <url>https://www.openssl.org/news/secadv/20230328.txt</url>
    </references>
    <dates>
      <discovery>2023-03-28</discovery>
      <entry>2023-03-29</entry>
    </dates>
  </vuln>

  <vuln vid="955eb3cc-ce0b-11ed-825f-6c3be5272acd">
    <topic>Grafana -- Stored XSS in Graphite FunctionDescription tooltip</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><lt>8.5.22</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.15</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.11</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.7</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><lt>8.5.22</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><lt>9.2.15</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.11</lt></range>
	<range><ge>9.4.0</ge><lt>9.4.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/03/22/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-1410/">
	  <p>When a user adds a Graphite data source, they can then use the data source
	  in a dashboard. This capability contains a feature to use Functions. Once
	  a function is selected, a small tooltip appears when hovering over the name
	  of the function. This tooltip allows you to delete the selected Function
	  from your query or show the Function Description. However, no sanitization
	  is done when adding this description to the DOM.</p>
	  <p>Since it is not uncommon to connect to public data sources, an attacker
	  could host a Graphite instance with modified Function Descriptions containing
	  XSS payloads. When the victim uses it in a query and accidentally hovers
	  over the Function Description, an attacker-controlled XSS payload
	  will be executed.</p>
	  <p>The severity of this vulnerability is of CVSSv3.1 5.7 Medium
	  (CVSS: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N (5.7)).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-1410</cvename>
      <url>https://grafana.com/security/security-advisories/cve-2023-1410/</url>
    </references>
    <dates>
      <discovery>2023-03-14</discovery>
      <entry>2023-03-29</entry>
    </dates>
  </vuln>

  <vuln vid="5b0ae405-cdc7-11ed-bb39-901b0e9408dc">
    <topic>Matrix clients -- Prototype pollution in matrix-js-sdk</topic>
    <affects>
      <package>
	<name>element-web</name>
	<range><lt>1.11.26</lt></range>
      </package>
      <package>
	<name>cinny</name>
	<range><le>2.2.4</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix developers report:</p>
	<blockquote cite="https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0">
	  <p>Today we are issuing security releases of matrix-js-sdk and matrix-react-sdk
	  to patch a pair of High severity vulnerabilities (CVE-2023-28427 /
	  GHSA-mwq8-fjpf-c2gr for matrix-js-sdk and CVE-2023-28103 / GHSA-6g43-88cp-w5gv
	  for matrix-react-sdk).</p>
	  <p>The issues involve prototype pollution via events containing special strings
	  in key locations, which can temporarily disrupt normal functioning of matrix-js-sdk
	  and matrix-react-sdk, potentially impacting the consumer's ability to process data
	  safely.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28103</cvename>
      <cvename>CVE-2023-28427</cvename>
      <url>https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0</url>
    </references>
    <dates>
      <discovery>2023-03-28</discovery>
      <entry>2023-03-29</entry>
    </dates>
  </vuln>

  <vuln vid="6bacd9fd-ca56-11ed-bc52-589cfc0f81b0">
    <topic>phpmyfaq -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><lt>3.1.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2023-03-20">
	  <p>XSS</p>
	  <p>weak passwords</p>
	  <p>privilege escalation</p>
	  <p>Captcha bypass</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1/</url>
      <url>https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61/</url>
      <url>https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b/</url>
      <url>https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e/</url>
      <url>https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28/</url>
      <url>https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334/</url>
      <url>https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9/</url>
      <url>https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e/</url>
      <url>https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc/</url>
      <url>https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1/</url>
      <url>https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a/</url>
      <url>https://huntr.dev/bounties/24c0a65f-0751-4ff8-af63-4b325ac8879f/</url>
      <url>https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a/</url>
      <url>https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c/</url>
      <url>https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191/</url>
      <url>https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c/</url>
      <url>https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8/</url>
      <url>https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a/</url>
      <url>https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957/</url>
      <url>https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5/</url>
    </references>
    <dates>
      <discovery>2023-03-20</discovery>
      <entry>2023-03-24</entry>
    </dates>
  </vuln>

  <vuln vid="1ba034fb-ca38-11ed-b242-d4c9ef517024">
    <topic>OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1t,1_1</lt></range>
      </package>
      <package>
	<name>openssl30</name>
	<range><lt>3.0.8_1</lt></range>
      </package>
      <package>
	<name>openssl31</name>
	<range><lt>3.1.0_1</lt></range>
      </package>
      <package>
	<name>openssl-quic</name>
	<range><lt>3.0.8_1</lt></range>
      </package>
      <package>
	<name>virtualbox-ose</name>
	<range><lt>6.1.46</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20230322.txt">
	  <p>Severity: Low</p>
	  <p>A security vulnerability has been identified in all supported versions
	    of OpenSSL related to the verification of X.509 certificate chains
	    that include policy constraints.  Attackers may be able to exploit this
	    vulnerability by creating a malicious certificate chain that triggers
	    exponential use of computational resources, leading to a denial-of-service
	    (DoS) attack on affected systems.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0464</cvename>
      <url>https://www.openssl.org/news/secadv/20230322.txt</url>
    </references>
    <dates>
      <discovery>2023-03-23</discovery>
      <entry>2023-03-24</entry>
      <modified>2023-07-19</modified>
    </dates>
  </vuln>

  <vuln vid="2fdb053c-ca25-11ed-9d7e-080027f5fec9">
    <topic>rack -- possible denial of service vulnerability in header parsing</topic>
    <affects>
      <package>
	<name>rubygem-rack</name>
	<range><lt>3.0.6.1,3</lt></range>
      </package>
      <package>
	<name>rubygem-rack22</name>
	<range><lt>2.2.6.6,3</lt></range>
      </package>
      <package>
	<name>rubygem-rack16</name>
	<range><lt>1.6.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ooooooo_q reports:</p>
	<blockquote cite="https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466">
	  <p>
	    Carefully crafted input can cause header parsing in Rack
	    to take an unexpected amount of time, possibly resulting
	    in a denial of service attack vector. Any applications
	    that parse headers using Rack (virtually all Rails
	    applications) are impacted.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-27539</cvename>
      <url>https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466</url>
    </references>
    <dates>
      <discovery>2023-03-13</discovery>
      <entry>2023-03-24</entry>
    </dates>
  </vuln>

  <vuln vid="dec6b8e9-c9fe-11ed-bb39-901b0e9408dc">
    <topic>dino -- Insufficient message sender validation in Dino</topic>
    <affects>
      <package>
	<name>dino</name>
	<range><lt>0.4.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dino team reports:</p>
	<blockquote cite="https://dino.im/security/cve-2023-28686/">
	  <p>Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows
	attackers to modify the personal bookmark store via a crafted
	message.  The attacker can change the display of group chats or
	force a victim to join a group chat; the victim may then be tricked
	into disclosing sensitive information.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28686</cvename>
      <url>https://dino.im/security/cve-2023-28686/</url>
    </references>
    <dates>
      <discovery>2023-03-23</discovery>
      <entry>2023-03-24</entry>
    </dates>
  </vuln>

  <vuln vid="38f213b6-8f3d-4067-91ef-bf14de7ba518">
    <topic>libXpm -- Issues handling XPM files</topic>
    <affects>
      <package>
	<name>libXpm</name>
	<range><lt>3.5.15</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.Org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2023-January/003312.html">
	  <ol>
	    <li>CVE-2022-46285: Infinite loop on unclosed comments

	    <p>When reading XPM images from a file with libXpm 3.5.14 or older, if a
	    comment in the file is not closed (i.e. a C-style comment starts with
	    "/*" and is missing the closing "*/"), the ParseComment() function will
	    loop forever calling getc() to try to read the rest of the comment,
	    failing to notice that it has returned EOF, which may cause a denial of
	    service to the calling program.</p>

	    <p>This issue was found by Marco Ivaldi of the Humanativa Group's HN Security team.</p>

	    <p>The fix is provided in
	    https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148</p></li>

	    <li>CVE-2022-44617: Runaway loop on width of 0 and enormous height

	    <p>When reading XPM images from a file with libXpm 3.5.14 or older, if a
	    image has a width of 0 and a very large height, the ParsePixels() function
	    will loop over the entire height calling getc() and ungetc() repeatedly,
	    or in some circumstances, may loop seemingly forever, which may cause a denial
	    of service to the calling program when given a small crafted XPM file to parse.</p>

	    <p>This issue was found by Martin Ettl.</p>

	    <p>The fix is provided in
	    https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb28
	    and
	    https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/c5ab17bcc34914c0b0707d</p></li>

	    <li>CVE-2022-4883: compression commands depend on $PATH

	    <p>By default, on all platforms except MinGW, libXpm will detect if a filename
	    ends in .Z or .gz, and will when reading such a file fork off an uncompress
	    or gunzip command to read from via a pipe, and when writing such a file will
	    fork off a compress or gzip command to write to via a pipe.</p>

	    <p>In libXpm 3.5.14 or older these are run via execlp(), relying on $PATH
	    to find the commands.  If libXpm is called from a program running with
	    raised privileges, such as via setuid, then a malicious user could set
	    $PATH to include programs of their choosing to be run with those privileges.</p>

	    <p>This issue was found by Alan Coopersmith of the Oracle Solaris team.</p></li>
	  </ol>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.x.org/archives/xorg-announce/2023-January/003312.html</url>
      <cvename>CVE-2022-46285</cvename>
      <cvename>CVE-2022-44617</cvename>
      <cvename>CVE-2022-4883</cvename>
    </references>
    <dates>
      <discovery>2023-01-17</discovery>
      <entry>2023-03-23</entry>
    </dates>
  </vuln>

  <vuln vid="1b15a554-c981-11ed-bb39-901b0e9408dc">
    <topic>tailscale -- security vulnerability in Tailscale SSH</topic>
    <affects>
      <package>
	<name>tailscale</name>
	<range><lt>1.38.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tailscale team reports:</p>
	<blockquote cite="https://tailscale.com/security-bulletins/#ts-2023-003">
	  <p>A vulnerability identified in the implementation of Tailscale SSH in FreeBSD
	  allowed commands to be run with a higher privilege group ID than that specified
	  by Tailscale SSH access rules.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28436</cvename>
      <url>https://tailscale.com/security-bulletins/#ts-2023-003</url>
    </references>
    <dates>
      <discovery>2023-03-22</discovery>
      <entry>2023-03-23</entry>
    </dates>
  </vuln>

  <vuln vid="c8b334e0-6e83-4575-81d1-f9d5803ceb07">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>111.0.5563.110</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>111.0.5563.110</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html">
	 <p>This update includes 8 security fixes:</p>
	 <ul>
	   <li>[1421773] High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07</li>
	   <li>[1419718] High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27</li>
	   <li>[1419831] High CVE-2023-1530: Use after free in PDF. Reported by The UK's National Cyber Security Centre (NCSC) on 2023-02-27</li>
	   <li>[1415330] High CVE-2023-1531: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2023-02-13</li>
	   <li>[1421268] High CVE-2023-1532: Out of bounds read in GPU Video. Reported by Mark Brand of Google Project Zero on 2023-03-03</li>
	   <li>[1422183] High CVE-2023-1533: Use after free in WebProtect. Reported by Weipeng Jiang (@Krace) of VRI on 2023-03-07</li>
	   <li>[1422594] High CVE-2023-1534: Out of bounds read in ANGLE. Reported by Jann Horn and Mark Brand of Google Project Zero on 2023-03-08</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-1528</cvename>
      <cvename>CVE-2023-1529</cvename>
      <cvename>CVE-2023-1530</cvename>
      <cvename>CVE-2023-1531</cvename>
      <cvename>CVE-2023-1532</cvename>
      <cvename>CVE-2023-1533</cvename>
      <cvename>CVE-2023-1534</cvename>
      <url>https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html</url>
    </references>
    <dates>
      <discovery>2023-03-21</discovery>
      <entry>2023-03-22</entry>
    </dates>
  </vuln>

  <vuln vid="a60cc0e4-c7aa-11ed-8a4b-080027f5fec9">
    <topic>redis -- specially crafted MSETNX command can lead to denial-of-service</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.0.10</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.0.10.20230320</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Yupeng Yang reports:</p>
	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c">
	  <p>
	    Authenticated users can use the MSETNX command to trigger
	    a runtime assertion and termination of the Redis server
	    process.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-28425</cvename>
      <url>https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c</url>
    </references>
    <dates>
      <discovery>2023-03-20</discovery>
      <entry>2023-03-21</entry>
    </dates>
  </vuln>

  <vuln vid="0d7d104c-c6fb-11ed-8a4b-080027f5fec9">
    <topic>curl -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><lt>8.0.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Harry Sintonen reports:</p>
	<blockquote cite="https://curl.se/docs/security.html">
	  <dl>
	    <dt>CVE-2023-27533</dt>
	    <dd>
	      curl supports communicating using the TELNET protocol
	      and as a part of this it offers users to pass on user
	      name and &quot;telnet options&quot; for the server
	      negotiation.

	      Due to lack of proper input scrubbing and without it
	      being the documented functionality, curl would pass on
	      user name and telnet options to the server as
	      provided. This could allow users to pass in carefully
	      crafted content that pass on content or do option
	      negotiation without the application intending to do
	      so. In particular if an application for example allows
	      users to provide the data or parts of the data.
	    </dd>
	    <dt>CVE-2023-27534</dt>
	    <dd>
	      curl supports SFTP transfers. curl's SFTP implementation
	      offers a special feature in the path component of URLs:
	      a tilde (~) character as the first path element in the
	      path to denotes a path relative to the user's home
	      directory. This is supported because of wording in the
	      once proposed to-become RFC draft that was to dictate
	      how SFTP URLs work.

	      Due to a bug, the handling of the tilde in SFTP path did
	      however not only replace it when it is used stand-alone
	      as the first path element but also wrongly when used as
	      a mere prefix in the first element.

	      Using a path like /~2/foo when accessing a server using
	      the user dan (with home directory /home/dan) would then
	      quite surprisingly access the file /home/dan2/foo.

	      This can be taken advantage of to circumvent filtering
	      or worse.
	    </dd>
	    <dt>CVE-2023-27535</dt>
	    <dd>
	      libcurl would reuse a previously created FTP connection
	      even when one or more options had been changed that
	      could have made the effective user a very different one,
	      thus leading to the doing the second transfer with wrong
	      credentials.

	      libcurl keeps previously used connections in a
	      connection pool for subsequent transfers to reuse if one
	      of them matches the setup. However, several FTP settings
	      were left out from the configuration match checks,
	      making them match too easily. The settings in questions
	      are CURLOPT_FTP_ACCOUNT,
	      CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and
	      CURLOPT_USE_SSL level.
	    </dd>
	    <dt>CVE-2023-27536</dt>
	    <dd>
	      ibcurl would reuse a previously created connection even
	      when the GSS delegation (CURLOPT_GSSAPI_DELEGATION)
	      option had been changed that could have changed the
	      user's permissions in a second transfer.

	      libcurl keeps previously used connections in a
	      connection pool for subsequent transfers to reuse if one
	      of them matches the setup. However, this GSS delegation
	      setting was left out from the configuration match
	      checks, making them match too easily, affecting
	      krb5/kerberos/negotiate/GSSAPI transfers.
	    </dd>
	    <dt>CVE-2023-27537</dt>
	    <dd>
	      libcurl supports sharing HSTS data between separate
	      "handles". This sharing was introduced without
	      considerations for do this sharing across separate
	      threads but there was no indication of this fact in the
	      documentation.

	      Due to missing mutexes or thread locks, two threads
	      sharing the same HSTS data could end up doing a
	      double-free or use-after-free.
	    </dd>
	    <dt>CVE-2023-27538</dt>
	    <dd>
	      libcurl would reuse a previously created connection even
	      when an SSH related option had been changed that should
	      have prohibited reuse.

	      libcurl keeps previously used connections in a
	      connection pool for subsequent transfers to reuse if one
	      of them matches the setup. However, two SSH settings
	      were left out from the configuration match checks,
	      making them match too easily.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-27533</cvename>
      <cvename>CVE-2023-27534</cvename>
      <cvename>CVE-2023-27535</cvename>
      <cvename>CVE-2023-27536</cvename>
      <cvename>CVE-2023-27537</cvename>
      <cvename>CVE-2023-27538</cvename>
      <url>https://curl.se/docs/security.html</url>
    </references>
    <dates>
      <discovery>2023-03-20</discovery>
      <entry>2023-03-20</entry>
    </dates>
  </vuln>

  <vuln vid="72583cb3-a7f9-11ed-bd9e-589cfc0f81b0">
    <topic>phpMyAdmin -- XSS vulnerability in drag-and-drop upload</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<name>phpMyAdmin-php80</name>
	<name>phpMyAdmin-php81</name>
	<name>phpMyAdmin-php82</name>
	<name>phpMyAdmin5</name>
	<name>phpMyAdmin5-php80</name>
	<name>phpMyAdmin5-php81</name>
	<name>phpMyAdmin5-php82</name>
	<range><lt>4.9.11</lt></range>
	<range><ge>5.0</ge><lt>5.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpMyAdmin Team reports:</p>
	<blockquote cite="https://www.phpmyadmin.net/news/2023/2/8/phpmyadmin-4911-and-521-are-released/">
	  <p>PMASA-2023-1 XSS vulnerability in drag-and-drop upload</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.phpmyadmin.net/security/PMASA-2023-1/</url>
    </references>
    <dates>
      <discovery>2023-02-07</discovery>
      <entry>2023-03-16</entry>
    </dates>
  </vuln>

  <vuln vid="8edeb3c1-bfe7-11ed-96f5-3497f65b111b">
    <topic>Apache httpd -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.56</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache httpd project reports:</p>
	<blockquote cite="https://downloads.apache.org/httpd/CHANGES_2.4.56">
	  <ul>
	    <li>CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi
	      HTTP response splitting (cve.mitre.org).
	      HTTP Response Smuggling vulnerability in Apache HTTP Server
	      via mod_proxy_uwsgi. This issue affects Apache HTTP Server:
	      from 2.4.30 through 2.4.55.
	      Special characters in the origin response header can
	      truncate/split the response forwarded to the client.</li>
	    <li>CVE-2023-25690: HTTP request splitting with mod_rewrite
	      and mod_proxy (cve.mitre.org).
	      Some mod_proxy configurations on Apache HTTP Server versions
	      2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
	      Configurations are affected when mod_proxy is enabled along
	      with some form of RewriteRule or ProxyPassMatch in which a
	      non-specific pattern matches some portion of the user-supplied
	      request-target (URL) data and is then re-inserted into the
	      proxied request-target using variable substitution.
	    </li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-25690</cvename>
      <cvename>CVE-2023-27522</cvename>
      <url>https://downloads.apache.org/httpd/CHANGES_2.4.56</url>
    </references>
    <dates>
      <discovery>2023-03-08</discovery>
      <entry>2023-03-11</entry>
    </dates>
  </vuln>

  <vuln vid="d357f6bb-0af4-4ac9-b096-eeec183ad829">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>111.0.5563.64</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>111.0.5563.64</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html">
	 <p>This update includes 40 security fixes:</p>
	 <ul>
	   <li>[1411210] High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30</li>
	   <li>[1412487] High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03</li>
	   <li>[1417176] High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17</li>
	   <li>[1417649] High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21</li>
	   <li>[1412658] High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03</li>
	   <li>[1413628] High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07</li>
	   <li>[1415328] High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13</li>
	   <li>[1417185] High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17</li>
	   <li>[1385343] Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16</li>
	   <li>[1403515] Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24</li>
	   <li>[1398579] Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07</li>
	   <li>[1403539] Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25</li>
	   <li>[1408799] Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20</li>
	   <li>[1013080] Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10</li>
	   <li>[1348791] Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31</li>
	   <li>[1365100] Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18</li>
	   <li>[1160485] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20</li>
	   <li>[1404230] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30</li>
	   <li>[1274887] Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30</li>
	   <li>[1346924] Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24</li>
	   <li>[1045681] Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25</li>
	   <li>[1404621] Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03</li>
	   <li>[1404704] Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03</li>
	   <li>[1374518] Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-1213</cvename>
      <cvename>CVE-2023-1214</cvename>
      <cvename>CVE-2023-1215</cvename>
      <cvename>CVE-2023-1216</cvename>
      <cvename>CVE-2023-1217</cvename>
      <cvename>CVE-2023-1218</cvename>
      <cvename>CVE-2023-1219</cvename>
      <cvename>CVE-2023-1220</cvename>
      <cvename>CVE-2023-1221</cvename>
      <cvename>CVE-2023-1222</cvename>
      <cvename>CVE-2023-1223</cvename>
      <cvename>CVE-2023-1224</cvename>
      <cvename>CVE-2023-1225</cvename>
      <cvename>CVE-2023-1226</cvename>
      <cvename>CVE-2023-1227</cvename>
      <cvename>CVE-2023-1228</cvename>
      <cvename>CVE-2023-1229</cvename>
      <cvename>CVE-2023-1230</cvename>
      <cvename>CVE-2023-1231</cvename>
      <cvename>CVE-2023-1232</cvename>
      <cvename>CVE-2023-1233</cvename>
      <cvename>CVE-2023-1234</cvename>
      <cvename>CVE-2023-1235</cvename>
      <cvename>CVE-2023-1236</cvename>
      <url>https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-03-08</discovery>
      <entry>2023-03-09</entry>
    </dates>
  </vuln>

  <vuln vid="f68bb358-be8e-11ed-9215-00e081b7aa2d">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.394</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.387.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2023-03-08/">
	  <h1>Description</h1>
	  <h5>(High) SECURITY-3037 / CVE-2023-27898</h5>
	  <p>XSS vulnerability in plugin manager</p>
	  <h5>(Medium) SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest)</h5>
	  <p>DoS vulnerability in bundled Apache Commons FileUpload library</p>
	  <h5></h5>
	  <h5>(Medium) SECURITY-1807 / CVE-2023-27902</h5>
	  <p>Workspace temporary directories accessible through directory browser</p>
	  <h5>(Low) SECURITY-3058 / CVE-2023-27903</h5>
	  <p>Temporary file parameter created with insecure permissions</p>
	  <h5>(Low) SECURITY-2120 / CVE-2023-27904</h5>
	  <p>Information disclosure through error stack traces related to agents</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-27898</cvename>
      <cvename>CVE-2023-24998</cvename>
      <cvename>CVE-2023-27900</cvename>
      <cvename>CVE-2023-27901</cvename>
      <cvename>CVE-2023-27902</cvename>
      <cvename>CVE-2023-27903</cvename>
      <cvename>CVE-2023-27904</cvename>
      <url>https://www.jenkins.io/security/advisory/2023-03-08/</url>
    </references>
    <dates>
      <discovery>2023-03-08</discovery>
      <entry>2023-03-09</entry>
    </dates>
  </vuln>

  <vuln vid="742279d6-bdbe-11ed-a179-2b68e9d12706">
    <topic>go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results</topic>
    <affects>
      <package>
	<name>go119</name>
	<range><lt>1.19.7</lt></range>
      </package>
      <package>
	<name>go120</name>
	<range><lt>1.20.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/58647">
	  <p>crypto/elliptic: incorrect P-256 ScalarMult and
	    ScalarBaseMult results</p>
	  <p>The ScalarMult and ScalarBaseMult methods of the P256
	    Curve may return an incorrect result if called with some
	    specific unreduced scalars (a scalar larger than the
	    order of the curve).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-24532</cvename>
      <url>https://groups.google.com/g/golang-dev/c/3wmx8i5WvNY/m/AEOlccrGAwAJ</url>
    </references>
    <dates>
      <discovery>2023-02-22</discovery>
      <entry>2023-03-08</entry>
    </dates>
  </vuln>

  <vuln vid="bed545c6-bdb8-11ed-bca8-a33124f1beb1">
    <topic>mantis -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mantis-php74</name>
	<name>mantis-php80</name>
	<name>mantis-php81</name>
	<name>mantis-php82</name>
	<range><lt>2.25.6,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mantis 2.25.6 release reports:</p>
	<blockquote cite="https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&amp;version=2.25.6">
	  <p>Security and maintenance release</p>
	  <ul>
	    <li>0031086: Private issue summary disclosure (CVE-2023-22476)</li>
	    <li>0030772: Update (bundled) moment.js to 2.29.4 (CVE-2022-31129)</li>
	    <li>0030791: Allow adding relation type noopener/noreferrer to outgoing links</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22476</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-22476</url>
      <cvename>CVE-2022-31129</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-31129</url>
    </references>
    <dates>
      <discovery>2023-01-06</discovery>
      <entry>2023-03-08</entry>
    </dates>
  </vuln>

  <vuln vid="6678211c-bd47-11ed-beb0-1c1b0d9ea7e6">
    <topic>Apache OpenOffice -- master password vulnerabilities</topic>
    <affects>
      <package>
	<name>apache-openoffice</name>
	<range><lt>4.1.13</lt></range>
      </package>
      <package>
	<name>apache-openoffice-devel</name>
	<range><lt>4.2.1678061694,4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache Openoffice project reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-37400">
	  <p>Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice</p>
	</blockquote>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-37401">
	  <p>Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulnerable to a brute force attack if an attacker has access to the users stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-37400</cvename>
      <cvename>CVE-2022-37401</cvename>
      <url>https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.13+Release+Notes</url>
    </references>
    <dates>
      <discovery>2022-02-25</discovery>
      <entry>2023-03-08</entry>
    </dates>
  </vuln>

  <vuln vid="f0798a6a-bbdb-11ed-ba99-080027f5fec9">
    <topic>rack -- possible DoS vulnerability in multipart MIME parsing</topic>
    <affects>
      <package>
	<name>rubygem-rack</name>
	<range><lt>3.0.4.2,3</lt></range>
      </package>
      <package>
	<name>rubygem-rack22</name>
	<range><lt>2.2.6.3,3</lt></range>
      </package>
      <package>
	<name>rubygem-rack16</name>
	<range><lt>1.6.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Aaron Patterson reports:</p>
	<blockquote cite="https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388">
	  <p>
	    The Multipart MIME parsing code in Rack limits the number
	    of file parts, but does not limit the total number of
	    parts that can be uploaded. Carefully crafted requests can
	    abuse this and cause multipart parsing to take longer than
	    expected.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-27530</cvename>
      <url>https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388</url>
    </references>
    <dates>
      <discovery>2023-03-03</discovery>
      <entry>2023-03-06</entry>
    </dates>
  </vuln>

  <vuln vid="be233fc6-bae7-11ed-a4fb-080027f5fec9">
    <topic>curl -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><lt>7.88.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Harry Sintonen and Patrick Monnerat report:</p>
	<blockquote cite="https://curl.se/docs/security.html">
	  <dl>
	    <dt>CVE-2023-23914</dt>
	    <dd>
	      A cleartext transmission of sensitive information
	      vulnerability exists in curl &lt; v7.88.0 that could
	      cause HSTS functionality fail when multiple URLs are
	      requested serially. Using its HSTS support, curl can be
	      instructed to use HTTPS instead of using an insecure
	      clear-text HTTP step even when HTTP is provided in the
	      URL. This HSTS mechanism would however surprisingly be
	      ignored by subsequent transfers when done on the same
	      command line because the state would not be properly
	      carried on.
	    </dd>
	    <dt>CVE-2023-23915</dt>
	    <dd>
	      A cleartext transmission of sensitive information
	      vulnerability exists in curl &lt; v7.88.0 that could
	      cause HSTS functionality to behave incorrectly when
	      multiple URLs are requested in parallel. Using its HSTS
	      support, curl can be instructed to use HTTPS instead of
	      using an insecure clear-text HTTP step even when HTTP is
	      provided in the URL. This HSTS mechanism would however
	      surprisingly fail when multiple transfers are done in
	      parallel as the HSTS cache file gets overwritten by the
	      most recently completed transfer. A later HTTP-only
	      transfer to the earlier host name would then *not* get
	      upgraded properly to HSTS.
	    </dd>
	    <dt>CVE-2023-23916</dt>
	    <dd>
	      An allocation of resources without limits or throttling
	      vulnerability exists in curl &lt; v7.88.0 based on the
	      &quot;chained&quot; HTTP compression algorithms, meaning
	      that a server response can be compressed multiple times
	      and potentially with different algorithms. The number of
	      acceptable &quot;links&quot; in this &quot;decompression
	      chain&quot; was capped, but the cap was implemented on a
	      per-header basis allowing a malicious server to insert a
	      virtually unlimited number of compression steps simply
	      by using many headers. The use of such a decompression
	      chain could result in a &quot;malloc bomb&quot;, making
	      curl end up spending enormous amounts of allocated heap
	      memory, or trying to and returning out of memory errors.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-23914</cvename>
      <cvename>CVE-2023-23915</cvename>
      <cvename>CVE-2023-23916</cvename>
      <url>https://curl.se/docs/security.html</url>
    </references>
    <dates>
      <discovery>2023-02-15</discovery>
      <entry>2023-03-05</entry>
    </dates>
  </vuln>

  <vuln vid="3f9b6943-ba58-11ed-bbbd-00e0670f2660">
    <topic>strongSwan -- certificate verification vulnerability</topic>
    <affects>
      <package>
	<name>strongswan</name>
	<range><ge>5.9.8</ge><lt>5.9.9_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>strongSwan reports:</p>
	<blockquote cite="https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html">
	  <p>A vulnerability related to certificate verification in TLS-based EAP methods
	     was discovered in strongSwan that results in a denial of service
	     but possibly even remote code execution. Versions 5.9.8 and 5.9.9
	     may be affected. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-26463</cvename>
      <url>https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html</url>
    </references>
    <dates>
      <discovery>2023-03-02</discovery>
      <entry>2023-03-04</entry>
    </dates>
  </vuln>

  <vuln vid="f7c5b3a9-b9fb-11ed-99c6-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.9.0</ge><lt>15.9.2</lt></range>
	<range><ge>15.8.0</ge><lt>15.8.4</lt></range>
	<range><ge>9.0.0</ge><lt>15.7.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/">
	  <p>Stored XSS via Kroki diagram</p>
	  <p>Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings</p>
	  <p>Improper validation of SSO and SCIM tokens while managing groups</p>
	  <p>Maintainer can leak Datadog API key by changing Datadog site</p>
	  <p>Clipboard based XSS in the title field of work items</p>
	  <p>Improper user right checks for personal snippets</p>
	  <p>Release Description visible in public projects despite release set as project members only</p>
	  <p>Group integration settings sensitive information exposed to project maintainers</p>
	  <p>Improve pagination limits for commits</p>
	  <p>Gitlab Open Redirect Vulnerability</p>
	  <p>Maintainer may become an Owner of a project</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0050</cvename>
      <cvename>CVE-2022-4289</cvename>
      <cvename>CVE-2022-4331</cvename>
      <cvename>CVE-2023-0483</cvename>
      <cvename>CVE-2022-4007</cvename>
      <cvename>CVE-2022-3758</cvename>
      <cvename>CVE-2023-0223</cvename>
      <cvename>CVE-2022-4462</cvename>
      <cvename>CVE-2023-1072</cvename>
      <cvename>CVE-2022-3381</cvename>
      <cvename>CVE-2023-1084</cvename>
      <url>https://about.gitlab.com/releases/2023/03/02/security-release-gitlab-15-9-2-released/</url>
    </references>
    <dates>
      <discovery>2023-03-02</discovery>
      <entry>2023-03-03</entry>
    </dates>
  </vuln>

  <vuln vid="6dccc186-b824-11ed-b695-6c3be5272acd">
    <topic>Grafana -- Stored XSS in text panel plugin</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>9.2.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.2.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/">
	  <p>During an internal audit of Grafana on January 1, a member of the security
	  team found a stored XSS vulnerability affecting the core text plugin.</p>
	  <p>The stored XSS vulnerability requires several user interactions in order
	  to be fully exploited. The vulnerability was possible due to React’s render
	  cycle that will pass through the unsanitized HTML code, but in the next cycle,
	  the HTML is cleaned up and saved in Grafana’s database.</p>
	  <p>The CVSS score for this vulnerability is 6.4 Medium
	  (CVSS:6.4/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22462</cvename>
      <url>https://github.com/grafana/grafana/security/advisories/GHSA-7rqg-hjwc-6mjf</url>
    </references>
    <dates>
      <discovery>2023-01-01</discovery>
      <entry>2023-03-01</entry>
    </dates>
  </vuln>

  <vuln vid="e7841611-b808-11ed-b695-6c3be5272acd">
    <topic>Grafana -- Stored XSS in TraceView panel</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><lt>8.5.21</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.13</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.8</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><lt>8.5.21</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge><lt>9.2.13</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/">
	  <p>During an internal audit of Grafana on January 30, a member
	  of the engineering team found a stored XSS vulnerability affecting
	  the <code>TraceView</code> panel.</p>
	  <p>The stored XSS vulnerability was possible because the value of a span’s
	  attributes/resources were not properly sanitized, and this will be rendered
	  when the span’s attributes/resources are expanded.</p>
	  <p>The CVSS score for this vulnerability is 7.3 High
	  (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0594</cvename>
      <url>https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/</url>
    </references>
    <dates>
      <discovery>2023-01-30</discovery>
      <entry>2023-03-01</entry>
    </dates>
  </vuln>

  <vuln vid="e2a8e2bd-b808-11ed-b695-6c3be5272acd">
    <topic>Grafana -- Stored XSS in geomap panel plugin via attribution</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><lt>8.5.21</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.13</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.8</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><lt>8.5.21</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge><lt>9.2.13</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/">
	  <p>During an internal audit of Grafana on January 25, a member of the security
	  team found a stored XSS vulnerability affecting the core geomap plugin.</p>
	  <p>The stored XSS vulnerability was possible because map attributions weren’t
	  properly sanitized, allowing arbitrary JavaScript to be executed in the context
	  of the currently authorized user of the Grafana instance.</p>
	  <p>The CVSS score for this vulnerability is 7.3 High
	  (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0507</cvename>
      <url>https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/</url>
    </references>
    <dates>
      <discovery>2023-01-25</discovery>
      <entry>2023-03-01</entry>
    </dates>
  </vuln>

  <vuln vid="b17bce48-b7c6-11ed-b304-080027f5fec9">
    <topic>redis -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.0.9</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.0.9.20230228</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><lt>6.2.11</lt></range>
      </package>
      <package>
	<name>redis6</name>
	<range><lt>6.0.18</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Redis core team	reports:</p>
	<blockquote cite="https://groups.google.com/g/redis-db/c/3hQ1oTO4hMI">
	  <dl>
	    <dt>CVE-2023-25155</dt>
	    <dd>
	      Specially crafted SRANDMEMBER, ZRANDMEMBER, and
	      HRANDFIELD commands can trigger an integer overflow,
	      resulting in a runtime assertion and termination of the
	      Redis server process.
	    </dd>
	    <dt>CVE-2022-36021</dt>
	    <dd>
	      String matching commands (like SCAN or KEYS) with a
	      specially crafted pattern to trigger a denial-of-service
	      attack on Redis, causing it to hang and consume 100% CPU
	      time.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-25155</cvename>
      <cvename>CVE-2022-36021</cvename>
      <url>https://groups.google.com/g/redis-db/c/3hQ1oTO4hMI</url>
    </references>
    <dates>
      <discovery>2023-02-28</discovery>
      <entry>2023-03-01</entry>
    </dates>
  </vuln>

  <vuln vid="a75929bd-b6a4-11ed-bad6-080027f5fec9">
    <topic>emacs -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>emacs</name>
	<name>emacs-canna</name>
	<name>emacs-nox</name>
	<range><lt>28.2_3,3</lt></range>
      </package>
      <package>
	<name>emacs-devel</name>
	<name>emacs-devel-nox</name>
	<range><lt>30.0.50.20230101,3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Xi Lu reports:</p>
	<blockquote cite="https://www.debian.org/security/2023/dsa-5360">
	  <dl>
	    <dt>CVE-2022-48337</dt>
	    <dd>
	      GNU Emacs through 28.2 allows attackers to execute
	      commands via shell metacharacters in the name of a
	      source-code file, because lib-src/etags.c uses the
	      system C library function in its implementation of the
	      etags program. For example, a victim may use the
	      &quot;etags -u *&quot; command (suggested in the etags
	      documentation) in a situation where the current working
	      directory has contents that depend on untrusted input.
	    </dd>
	    <dt>CVE-2022-48338</dt>
	    <dd>
	      An issue was discovered in GNU Emacs through 28.2. In
	      ruby-mode.el, the ruby-find-library-file function has a
	      local command injection vulnerability. The
	      ruby-find-library-file function is an interactive
	      function, and bound to C-c C-f. Inside the function, the
	      external command gem is called through
	      shell-command-to-string, but the feature-name parameters
	      are not escaped. Thus, malicious Ruby source files may
	      cause commands to be executed.
	    </dd>
	    <dt>CVE-2022-48339</dt>
	    <dd>
	      An issue was discovered in GNU Emacs through
	      28.2. htmlfontify.el has a command injection
	      vulnerability. In the hfy-istext-command function, the
	      parameter file and parameter srcdir come from external
	      input, and parameters are not escaped. If a file name or
	      directory name contains shell metacharacters, code may
	      be executed.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-48337</cvename>
      <cvename>CVE-2022-48338</cvename>
      <cvename>CVE-2022-48339</cvename>
      <url>https://www.debian.org/security/2023/dsa-5360</url>
    </references>
    <dates>
      <discovery>2022-12-06</discovery>
      <entry>2023-02-27</entry>
    </dates>
  </vuln>

  <vuln vid="dd271de6-b444-11ed-9268-b42e991fc52e">
    <topic>freerdp -- clients using the `/video` command line switch might read uninitialized data</topic>
    <affects>
      <package>
	<name>freerdp</name>
	<range><lt>2.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE reports:</p>
      <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39283">
	<p>
	  All FreeRDP based clients when using the `/video`
	  command line switch might read uninitialized data, decode
	  it as audio/video and display the result. FreeRDP based
	  server implementations are not affected.
	</p>
      </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-39283</cvename>
      <url>https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh</url>
    </references>
    <dates>
      <discovery>2022-10-13</discovery>
      <entry>2023-02-24</entry>
    </dates>
  </vuln>

  <vuln vid="c682923d-b444-11ed-9268-b42e991fc52e">
    <topic>freerdp -- clients using `/parallel` command line switch might read uninitialized data</topic>
    <affects>
      <package>
	<name>freerdp</name>
	<range><lt>2.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE reports:</p>
      <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39282">
	<p>
	  FreeRDP based clients on unix systems using
	  `/parallel` command line switch might read uninitialized
	  data and send it to the server the client is currently
	  connected to. FreeRDP based server implementations are not
	  affected.
	</p>
      </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-39282</cvename>
      <url>https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq</url>
    </references>
    <dates>
      <discovery>2022-10-13</discovery>
      <entry>2023-02-24</entry>
    </dates>
  </vuln>

  <vuln vid="4d6b5ea9-bc64-4e77-a7ee-d62ba68a80dd">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
       <name>chromium</name>
       <range><lt>110.0.5481.177</lt></range>
      </package>
      <package>
       <name>ungoogled-chromium</name>
       <range><lt>110.0.5481.177</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>Chrome Releases reports:</p>
       <blockquote cite="https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html">
	 <p>This update includes 10 security fixes:</p>
	 <ul>
	   <li>[1415366] Critical CVE-2023-0941: Use after free in Prompts. Reported by Anonymous on 2023-02-13</li>
	   <li>[1414738] High CVE-2023-0927: Use after free in Web Payments API. Reported by Rong Jian of VRI on 2023-02-10</li>
	   <li>[1309035] High CVE-2023-0928: Use after free in SwiftShader. Reported by Anonymous on 2022-03-22</li>
	   <li>[1399742] High CVE-2023-0929: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2022-12-09</li>
	   <li>[1410766] High CVE-2023-0930: Heap buffer overflow in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-27</li>
	   <li>[1407701] High CVE-2023-0931: Use after free in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-17</li>
	   <li>[1413005] High CVE-2023-0932: Use after free in WebRTC. Reported by Omri Bushari (Talon Cyber Security) on 2023-02-05</li>
	   <li>[1404864] Medium CVE-2023-0933: Integer overflow in PDF. Reported by Zhiyi Zhang from Codesafe Team of Legendsec at QI-ANXIN</li>
	 </ul>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0941</cvename>
      <cvename>CVE-2023-0927</cvename>
      <cvename>CVE-2023-0928</cvename>
      <cvename>CVE-2023-0929</cvename>
      <cvename>CVE-2023-0930</cvename>
      <cvename>CVE-2023-0931</cvename>
      <cvename>CVE-2023-0932</cvename>
      <cvename>CVE-2023-0933</cvename>
      <url>https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html</url>
    </references>
    <dates>
      <discovery>2023-02-22</discovery>
      <entry>2023-02-22</entry>
    </dates>
  </vuln>

  <vuln vid="7a425536-74f7-4ce4-9768-0079a9d44d11">
    <topic>zeek -- potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>5.0.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v5.0.6">
	  <p> Receiving DNS responses from async DNS requests (via
	  the lookup_addr, etc BIF methods) with the TTL set to
	  zero could cause the DNS manager to eventually stop being
	  able to make new requests. </p>
	  <p> Specially-crafted FTP packets with excessively long
	  usernames, passwords, or other fields could cause log
	  writes to use large amounts of disk space. </p>
	  <p> The find_all and find_all_ordered BIF methods could
	  take extremely large amounts of time to process incoming
	  data depending on the size of the input. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v5.0.7</url>
    </references>
    <dates>
      <discovery>2023-02-21</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="421c0af9-b206-11ed-9fe5-f4a47516fb57">
    <topic>libde256 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>libde265</name>
	<range><lt>1.0.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Libde265 developer reports:</p>
	<blockquote cite="https://github.com/strukturag/libde265/releases/tag/v1.0.10">
	  <p>This release fixes the known CVEs below. Many of them are actually caused by the same underlying issues that manifest in different ways.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-21594</cvename>
      <cvename>CVE-2020-21595</cvename>
      <cvename>CVE-2020-21596</cvename>
      <cvename>CVE-2020-21597</cvename>
      <cvename>CVE-2020-21598</cvename>
      <cvename>CVE-2020-21599</cvename>
      <cvename>CVE-2020-21600</cvename>
      <cvename>CVE-2020-21601</cvename>
      <cvename>CVE-2020-21602</cvename>
      <cvename>CVE-2020-21603</cvename>
      <cvename>CVE-2020-21604</cvename>
      <cvename>CVE-2020-21605</cvename>
      <cvename>CVE-2020-21606</cvename>
      <cvename>CVE-2022-1253</cvename>
      <cvename>CVE-2022-43236</cvename>
      <cvename>CVE-2022-43237</cvename>
      <cvename>CVE-2022-43238</cvename>
      <cvename>CVE-2022-43239</cvename>
      <cvename>CVE-2022-43240</cvename>
      <cvename>CVE-2022-43241</cvename>
      <cvename>CVE-2022-43242</cvename>
      <cvename>CVE-2022-43243</cvename>
      <cvename>CVE-2022-43244</cvename>
      <cvename>CVE-2022-43245</cvename>
      <cvename>CVE-2022-43248</cvename>
      <cvename>CVE-2022-43249</cvename>
      <cvename>CVE-2022-43250</cvename>
      <cvename>CVE-2022-43252</cvename>
      <cvename>CVE-2022-43253</cvename>
      <cvename>CVE-2022-47655</cvename>
      <url>https://github.com/strukturag/libde265/releases/tag/v1.0.10</url>
    </references>
    <dates>
      <discovery>2023-01-27</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="21f12de8-b1db-11ed-b0f4-002590f2a714">
    <topic>git -- "git apply" overwriting paths outside the working tree</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.39.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>git team reports:</p>
	<blockquote cite="https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh">
	  <p>By feeding a crafted input to "git apply", a path outside the
	    working tree can be overwritten as the user who is running "git
	    apply".</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-23946</cvename>
      <url>https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-23946</url>
    </references>
    <dates>
      <discovery>2023-02-14</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="9548d6ed-b1da-11ed-b0f4-002590f2a714">
    <topic>git -- Local clone-based data exfiltration with non-local transports</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.39.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>git team reports:</p>
	<blockquote cite="https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q">
	  <p>Using a specially-crafted repository, Git can be tricked into using
	    its local clone optimization even when using a non-local transport.
	    Though Git will abort local clones whose source $GIT_DIR/objects
	    directory contains symbolic links (c.f., CVE-2022-39253), the objects
	    directory itself may still be a symbolic link.</p>

	  <p>These two may be combined to include arbitrary files based on known
	    paths on the victim's filesystem within the malicious repository's
	    working copy, allowing for data exfiltration in a similar manner as
	    CVE-2022-39253.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22490</cvename>
      <url>https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-22490</url>
    </references>
    <dates>
      <discovery>2023-02-14</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="8fafbef4-b1d9-11ed-b0f4-002590f2a714">
    <topic>git -- gitattributes parsing integer overflow</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.39.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>git team reports:</p>
	<blockquote cite="https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89">
	  <p>gitattributes are used to define unique attributes corresponding
	    to paths in your repository. These attributes are defined by
	    .gitattributes file(s) within your repository.</p>

	  <p>The parser used to read these files has multiple integer
	    overflows, which can occur when parsing either a large number
	    of patterns, a large number of attributes, or attributes with
	    overly-long names.</p>

	  <p>These overflows may be triggered via a malicious
	    .gitattributes file. However, Git automatically splits lines at
	    2KB when reading .gitattributes from a file, but not when parsing
	    it from the index. Successfully exploiting this vulnerability
	    depends on the location of the .gitattributes file in question.</p>

	  <p>This integer overflow can result in arbitrary heap reads
	    and writes, which may result in remote code execution.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23521</cvename>
      <url>https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-23521</url>
    </references>
    <dates>
      <discovery>2023-01-17</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="2fcca7e4-b1d7-11ed-b0f4-002590f2a714">
    <topic>git -- Heap overflow in `git archive`, `git log --format` leading to RCE</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.39.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The git team reports:</p>
	<blockquote cite="https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq">
	  <p>git log has the ability to display commits using an arbitrary
	    format with its --format specifiers. This functionality is also
	    exposed to git archive via the export-subst gitattribute.</p>
	  <p>When processing the padding operators (e.g., %&#x3c;(, %&#x3c;|(,
	    %>(, %>>(, or %>&#x3c;( ), an integer overflow can occur in
	    pretty.c::format_and_pad_commit() where a size_t is improperly
	    stored as an int, and then added as an offset to a subsequent
	    memcpy() call.</p>
	  <p>This overflow can be triggered directly by a user running a
	    command which invokes the commit formatting machinery (e.g., git
	    log --format=...). It may also be triggered indirectly through
	    git archive via the export-subst mechanism, which expands format
	    specifiers inside of files within the repository during a git
	    archive.</p>
	  <p>This integer overflow can result in arbitrary heap writes, which
	    may result in remote code execution.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41903</cvename>
      <url>https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-41903</url>
    </references>
    <dates>
      <discovery>2023-01-17</discovery>
      <entry>2023-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="5048ed45-b0f1-11ed-ab04-9106b1b896dd">
    <topic>gitea -- password hash quality</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.18.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22942">
	  <p>This PR refactors and improves the password hashing code within
	    gitea and makes it possible for server administrators to set the
	    password hashing parameters.</p>
	  <p>In addition it takes the opportunity to adjust the settings for
	    pbkdf2 in order to make the hashing a little stronger.</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22823">
	  <p>Add command to bulk set must-change-password</p>
	  <p>As part of administration sometimes it is appropriate to
	    forcibly tell users to update their passwords.</p>
	  <p>This PR creates a new command gitea admin user
	    must-change-password which will set the MustChangePassword flag on
	    the provided users.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.io/2023/02/gitea-1.18.4-is-released/</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.18.4</url>
    </references>
    <dates>
      <discovery>2022-02-14</discovery>
      <entry>2023-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="428922c9-b07e-11ed-8700-5404a68ad561">
    <topic>traefik -- Use of vulnerable Go module x/net/http2</topic>
    <affects>
      <package>
	<name>traefik</name>
	<range><lt>2.9.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://pkg.go.dev/vuln/GO-2023-1495">
	  <p>A request smuggling attack is possible when using
       MaxBytesHandler. When using MaxBytesHandler, the body of
       an HTTP request is not fully consumed. When the server
       attempts to read HTTP2 frames from the connection, it
       will instead be reading the body of the HTTP request,
       which could be attacker-manipulated to represent
       arbitrary HTTP2 requests.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41721</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41721</url>
    </references>
    <dates>
      <discovery>2022-10-22</discovery>
      <entry>2023-02-19</entry>
    </dates>
  </vuln>

  <vuln vid="27c822a0-addc-11ed-a9ee-dca632b19f10">
    <topic>Rundeck3 -- Log4J RCE vulnerability</topic>
    <affects>
      <package>
	<name>rundeck3</name>
	<range><lt>3.4.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Rundeck project reports:</p>
	<blockquote cite="https://docs.rundeck.com/docs/history/3_4_x/version-3.4.10.html">
	  <p>This release updates both Community and Enterprise with the latest Log4J
	    to address CVE-2021-44832 by updating it to 2.17.1.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44832</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832</url>
    </references>
    <dates>
      <discovery>2021-12-11</discovery>
      <entry>2023-02-16</entry>
    </dates>
  </vuln>

  <vuln vid="8e20430d-a72b-11ed-a04f-40b034455553">
    <topic>MinIO -- unprivileged users can create service accounts for admin users</topic>
    <affects>
      <package>
	<name>minio</name>
	<range><lt>2022.04.12.06.55.35</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MinIO reports:</p>
	<blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q">
	  <p>
	      A security issue was found where an unprivileged user is
	      able to create service accounts for root or other admin
	      users and then is able to assume their access policies
	      via the generated credentials.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24842</cvename>
      <url>https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q</url>
    </references>
    <dates>
      <discovery>2022-04-11</discovery>
      <entry>2023-02-13</entry>
    </dates>
  </vuln>

  <vuln vid="fd792048-ad91-11ed-a879-080027f5fec9">
    <topic>clamav -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>clamav</name>
	<range><lt>1.0.1,1</lt></range>
      </package>
      <package>
	<name>clamav-lts</name>
	<range><lt>0.103.8,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon Scannell reports:</p>
	<blockquote cite="https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html">
	  <dl>
	    <dt>CVE-2023-20032</dt>
	    <dd>
	      Fixed a possible remote code execution vulnerability in the HFS+ file parser.
	    </dd>
	    <dt>CVE-2023-20052</dt>
	    <dd>
	      Fixed a possible remote information leak vulnerability in the DMG file parser.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-20032</cvename>
      <cvename>CVE-2023-20052</cvename>
      <url>https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html</url>
    </references>
    <dates>
      <discovery>2023-02-15</discovery>
      <entry>2023-02-16</entry>
    </dates>
  </vuln>

  <vuln vid="3d73e384-ad1f-11ed-983c-83fe35862e3a">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go119</name>
	<range><lt>1.19.6</lt></range>
      </package>
      <package>
	<name>go120</name>
	<range><lt>1.20.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/57274">
	  <p>path/filepath: path traversal in filepath.Clean on Windows</p>
	  <p>On Windows, the filepath.Clean function could transform
	    an invalid path such as a/../c:/b into the valid path
	    c:\b. This transformation of a relative (if invalid)
	    path into an absolute path could enable a directory
	    traversal attack. The filepath.Clean function will now
	    transform this path into the relative (but still
	    invalid) path .\c:\b.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/58006">
	  <p>net/http, mime/multipart: denial of service from excessive
	    resource consumption</p>
	  <p>Multipart form parsing with
	    mime/multipart.Reader.ReadForm can consume largely
	    unlimited amounts of memory and disk files. This also
	    affects form parsing in the net/http package with the
	    Request methods FormFile, FormValue, ParseMultipartForm,
	    and PostFormValue.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/58001">
	  <p>crypto/tls: large handshake records may cause panics</p>
	  <p>
	    Both clients and servers may send large TLS handshake
	    records which cause servers and clients,
	    respectively, to panic when attempting to construct responses.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/57855">
	  <p>net/http: avoid quadratic complexity in HPACK decoding</p>
	  <p>A maliciously crafted HTTP/2 stream could cause
	    excessive CPU consumption in the HPACK decoder,
	    sufficient to cause a denial of service from a small
	    number of small requests.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41722</cvename>
      <cvename>CVE-2022-41725</cvename>
      <cvename>CVE-2022-41724</cvename>
      <cvename>CVE-2022-41723</cvename>
      <url>https://groups.google.com/g/golang-dev/c/G2APtTxT1HQ/m/6O6aksDaBAAJ</url>
    </references>
    <dates>
      <discovery>2023-02-14</discovery>
      <entry>2023-02-15</entry>
    </dates>
  </vuln>

  <vuln vid="9c9ee9a6-ac5e-11ed-9323-080027d3a315">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py37-django32</name>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<range><lt>3.2.18</lt></range>
      </package>
      <package>
	<name>py38-django40</name>
	<name>py39-django40</name>
	<name>py310-django40</name>
	<range><lt>4.0.10</lt></range>
      </package>
      <package>
	<name>py38-django41</name>
	<name>py39-django41</name>
	<name>py310-django41</name>
	<range><lt>4.1.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2023/feb/14/security-releases/">
	  <p>CVE-2023-24580: Potential denial-of-service vulnerability in file uploads.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-24580</cvename>
      <url>https://www.djangoproject.com/weblog/2023/feb/14/security-releases/</url>
    </references>
    <dates>
      <discovery>2023-02-01</discovery>
      <entry>2023-02-14</entry>
    </dates>
  </vuln>

  <vuln vid="0a7a5dfb-aba4-11ed-be2c-001cc0382b2f">
    <topic>GnuTLS -- timing sidechannel in RSA decryption</topic>
    <affects>
      <package>
	<name>gnutls</name>
	<range><lt>3.7.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The GnuTLS project reports:</p>
	<blockquote cite="https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14">
	  <p>A vulnerability was found that the response times to malformed RSA
	    ciphertexts in ClientKeyExchange differ from response times of
	    ciphertexts with correct PKCS#1 v1.5 padding. Only TLS ciphertext
	    processing is affected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0361</cvename>
      <url>https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14</url>
    </references>
    <dates>
      <discovery>2023-02-10</discovery>
      <entry>2023-02-13</entry>
    </dates>
  </vuln>

  <vuln vid="3eccc968-ab17-11ed-bd9e-589cfc0f81b0">
    <topic>phpmyfaq -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><lt>3.1.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2022-10-24">
	  <p>a bypass to flood admin with FAQ proposals</p>
	  <p>stored XSS in questions</p>
	  <p>stored HTML injections</p>
	  <p>weak passwords </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c/</url>
      <url>https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f/</url>
      <url>https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024/</url>
      <url>https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61/</url>
      <url>https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5/</url>
      <url>https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156/</url>
      <url>https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d/</url>
      <url>https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f/</url>
      <url>https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9/</url>
      <url>https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb/</url>
    </references>
    <dates>
      <discovery>2023-02-12</discovery>
      <entry>2023-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="310ca30e-a951-11ed-8314-a8a1599412c6">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>110.0.5481.77</lt></range>
      </package>
      <package>
	<name>ungoogled-chromium</name>
	<range><lt>110.0.5481.77</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html">
	  <p>This release contains 15 security fixes, including:</p>
	  <ul>
	    <li>[1402270] High CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST Hacking Lab on 2022-12-18</li>
	    <li>[1341541] High CVE-2023-0697: Inappropriate implementation in Full screen mode. Reported by Ahmed ElMasry on 2022-07-03</li>
	    <li>[1403573] High CVE-2023-0698: Out of bounds read in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2022-12-25</li>
	    <li>[1371859] Medium CVE-2023-0699: Use after free in GPU. Reported by 7o8v and Cassidy Kim(@cassidy6564) on 2022-10-06</li>
	    <li>[1393732] Medium CVE-2023-0700: Inappropriate implementation in Download. Reported by Axel Chong on 2022-11-26</li>
	    <li>[1405123] Medium CVE-2023-0701: Heap buffer overflow in WebUI. Reported by Sumin Hwang of SSD Labs on 2023-01-05</li>
	    <li>[1316301] Medium CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri on 2022-04-14</li>
	    <li>[1405574] Medium CVE-2023-0703: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-07</li>
	    <li>[1385982] Low CVE-2023-0704: Insufficient policy enforcement in DevTools. Reported by Rhys Elsmore and Zac Sims of the Canva security team on 2022-11-18</li>
	    <li>[1238642] Low CVE-2023-0705: Integer overflow in Core. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-11</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0696</cvename>
      <cvename>CVE-2023-0697</cvename>
      <cvename>CVE-2023-0698</cvename>
      <cvename>CVE-2023-0699</cvename>
      <cvename>CVE-2023-0700</cvename>
      <cvename>CVE-2023-0701</cvename>
      <cvename>CVE-2023-0702</cvename>
      <cvename>CVE-2023-0703</cvename>
      <cvename>CVE-2023-0704</cvename>
      <cvename>CVE-2023-0705</cvename>
      <url>https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-02-07</discovery>
      <entry>2023-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="7a8b6170-a889-11ed-bbae-6cc21735f730">
    <topic>PostgreSQL server -- Client memory disclosure when connecting, with Kerberos, to modified server.</topic>
    <affects>
      <package>
	<name>postgresql15-client</name>
	<range><lt>15.2</lt></range>
      </package>
      <package>
	<name>postgresql14-client</name>
	<range><lt>14.7</lt></range>
      </package>
      <package>
	<name>postgresql13-client</name>
	<range><lt>13.10</lt></range>
      </package>
      <package>
	<name>postgresql12-client</name>
	<range><lt>12.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PostgreSQL Project reports:</p>
	<blockquote cite="https://www.postgresql.org/support/security/CVE-2022-41862/">
	  <p>
	    A modified, unauthenticated server can send an
	    unterminated string during the establishment of Kerberos
	    transport encryption. When a libpq client application
	    has a Kerberos credential cache and doesn't explicitly
	    disable option gssencmode, a server can cause libpq to
	    over-read and report an error message containing
	    uninitialized bytes from and following its receive
	    buffer. If libpq's caller somehow makes that message
	    accessible to the attacker, this achieves a disclosure
	    of the over-read bytes. We have not confirmed or ruled
	    out viability of attacks that arrange for a crash or for
	    presence of notable, confidential information in
	    disclosed bytes.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41862</cvename>
      <url>https://www.postgresql.org/support/security/CVE-2022-41862/</url>
    </references>
    <dates>
      <discovery>2023-02-09</discovery>
      <entry>2023-02-09</entry>
    </dates>
  </vuln>

  <vuln vid="ecffb881-a7a7-11ed-8d6a-6c3be5272acd">
    <topic>Grafana -- Stored XSS in ResourcePicker component</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>8.1.0</ge><lt>8.5.16</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.1.0</ge><lt>8.5.16</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/">
	  <p>On 2022-12-16 during an internal audit of Grafana, a member of the security
	  team found a stored XSS vulnerability affecting the core plugin GeoMap.</p>
	  <p>The stored XSS vulnerability was possible due to SVG-files weren't properly
	  sanitized and allowed arbitrary JavaScript to be executed in the context
	  of the currently authorized user of the Grafana instance.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23552</cvename>
      <url>https://github.com/grafana/grafana/security/advisories/GHSA-8xmm-x63g-f6xv</url>
    </references>
    <dates>
      <discovery>2022-12-16</discovery>
      <entry>2023-02-09</entry>
    </dates>
  </vuln>

  <vuln vid="e6281d88-a7a7-11ed-8d6a-6c3be5272acd">
    <topic>Grafana -- Spoofing originalUrl of snapshots</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>8.0.0</ge><lt>8.5.16</lt></range>
	<range><ge>9.0.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.0.0</ge><lt>8.5.16</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge><lt>9.2.10</lt></range>
	<range><ge>9.3.0</ge><lt>9.3.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2023/01/25/grafana-security-releases-new-versions-with-fixes-for-cve-2022-23552-cve-2022-41912-and-cve-2022-39324/">
	  <p>A third-party penetration test of Grafana found a vulnerability
	  in the snapshot functionality. The value of the originalUrl parameter
	  is automatically generated. The purpose of the presented originalUrl parameter
	  is to provide a user who views the snapshot with the possibility to click
	  on the <strong>Local Snapshot</strong> button in the Grafana web UI
	  and be presented with the dashboard that the snapshot captured. The value
	  of the originalUrl parameter can be arbitrarily chosen by a malicious user that
	  creates the snapshot. (Note: This can be done by editing the query thanks
	  to a web proxy like Burp.)</p>
	  <p>We have assessed this vulnerability as having a CVSS score of 6.7 MEDIUM
	  (CVSS:6.7/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-39324</cvename>
      <url>https://github.com/grafana/grafana/security/advisories/GHSA-4724-7jwc-3fpw</url>
    </references>
    <dates>
      <discovery>2023-01-25</discovery>
      <entry>2023-02-09</entry>
    </dates>
  </vuln>

  <vuln vid="1dd84344-a7da-11ed-86e9-d4c9ef517024">
    <topic>LibreSSL -- Arbitrary memory read</topic>
    <affects>
      <package>
	<name>libressl</name>
	<range><lt>3.5.4</lt></range>
      </package>
      <package>
	<name>libressl-devel</name>
	<range><lt>3.6.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenBSD project reports:</p>
	<blockquote cite="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.4-relnotes.txt">
	  <p>A malicious certificate revocation list or timestamp response token
	    would allow an attacker to read arbitrary memory.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.4-relnotes.txt</url>
    </references>
    <dates>
      <discovery>2023-02-08</discovery>
      <entry>2023-02-08</entry>
    </dates>
  </vuln>

  <vuln vid="6cc63bf5-a727-4155-8ec4-68b626475e68">
    <topic>xorg-server -- Security issue in the X server</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<name>xephyr</name>
	<name>xorg-vfbserver</name>
	<range><lt>21.1.7,1</lt></range>
      </package>
      <package>
	<name>xorg-nestserver</name>
	<range><lt>21.1.7,2</lt></range>
      </package>
      <package>
	<name>xwayland</name>
	<range><lt>22.1.8,1</lt></range>
      </package>
      <package>
	<name>xwayland-devel</name>
	<range><lt>21.0.99.1.386</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2023-February/003320.html">
	  <ul>
	    <li>CVE-2023-0494/ZDI-CAN-19596: X.Org Server DeepCopyPointerClasses
	    use-after-free

	    <p>A dangling pointer in DeepCopyPointerClasses can be exploited by
	    ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read/write into
	    freed memory.</p></li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.x.org/archives/xorg-announce/2023-February/003320.html</url>
      <cvename>CVE-2023-0494</cvename>
    </references>
    <dates>
      <discovery>2023-02-07</discovery>
      <entry>2023-02-08</entry>
    </dates>
  </vuln>

  <vuln vid="b34c1947-a749-11ed-b24b-1c61b4739ac9">
    <topic>TightVNC -- Muliple Vulnerabilities</topic>
    <affects>
      <package>
	<name>tightvnc</name>
	<range><le>1.3.10_6</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8287">
	  <p>TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.</p>
	</blockquote>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15678">
	  <p>TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.</p>
	</blockquote>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15679">
	  <p>TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.</p>
	</blockquote>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15680">
	  <p>TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-8287</cvename>
      <cvename>CVE-2019-15678</cvename>
      <cvename>CVE-2019-15679</cvename>
      <cvename>CVE-2019-15680</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8287</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15678</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15679</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15680</url>
    </references>
    <dates>
      <discovery>2019-02-12</discovery>
      <entry>2023-02-08</entry>
    </dates>
  </vuln>

  <vuln vid="648a432c-a71f-11ed-86e9-d4c9ef517024">
    <topic>OpenSSL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1t,1</lt></range>
      </package>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.8</lt></range>
      </package>
      <package>
	<name>openssl-quictls</name>
	<range><lt>3.0.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20230207.txt">
	  <p>X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) (High):
	    There is a type confusion vulnerability relating to X.400 address processing
	    inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
	    the public structure definition for GENERAL_NAME incorrectly specified the type
	    of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
	    the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
	    ASN1_STRING.</p>
	  <p>Timing Oracle in RSA Decryption (CVE-2022-4304) (Moderate):
	    A timing based side channel exists in the OpenSSL RSA Decryption implementation
	    which could be sufficient to recover a plaintext across a network in a
	    Bleichenbacher style attack. To achieve a successful decryption an attacker
	    would have to be able to send a very large number of trial messages for
	    decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
	    RSA-OEAP and RSASVE.</p>
	  <p>X.509 Name Constraints Read Buffer Overflow (CVE-2022-4203) (Moderate):
	    A read buffer overrun can be triggered in X.509 certificate verification,
	    specifically in name constraint checking. Note that this occurs
	    after certificate chain signature verification and requires either a
	    CA to have signed the malicious certificate or for the application to
	    continue certificate verification despite failure to construct a path
	    to a trusted issuer.</p>
	  <p>Use-after-free following BIO_new_NDEF (CVE-2023-0215) (Moderate):
	    The public API function BIO_new_NDEF is a helper function used for streaming
	    ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the
	    SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by
	    end user applications.</p>
	  <p>Double free after calling PEM_read_bio_ex (CVE-2022-4450) (Moderate):
	    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
	    decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
	    If the function succeeds then the "name_out", "header" and "data" arguments are
	    populated with pointers to buffers containing the relevant decoded data. The
	    caller is responsible for freeing those buffers. It is possible to construct a
	    PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
	    will return a failure code but will populate the header argument with a pointer
	    to a buffer that has already been freed. If the caller also frees this buffer
	    then a double free will occur. This will most likely lead to a crash. This
	    could be exploited by an attacker who has the ability to supply malicious PEM
	    files for parsing to achieve a denial of service attack.</p>
	  <p>Invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216) (Moderate):
	    An invalid pointer dereference on read can be triggered when an
	    application tries to load malformed PKCS7 data with the
	    d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.</p>
	  <p>NULL dereference validating DSA public key (CVE-2023-0217) (Moderate):
	    An invalid pointer dereference on read can be triggered when an
	    application tries to check a malformed DSA public key by the
	    EVP_PKEY_public_check() function. This will most likely lead
	    to an application crash. This function can be called on public
	    keys supplied from untrusted sources which could allow an attacker
	    to cause a denial of service attack.</p>
	  <p>NULL dereference during PKCS7 data verification (CVE-2023-0401) (Moderate):
	    A NULL pointer can be dereferenced when signatures are being
	    verified on PKCS7 signed or signedAndEnveloped data. In case the hash
	    algorithm used for the signature is known to the OpenSSL library but
	    the implementation of the hash algorithm is not available the digest
	    initialization will fail. There is a missing check for the return
	    value from the initialization function which later leads to invalid
	    usage of the digest API most likely leading to a crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0286</cvename>
      <cvename>CVE-2022-4304</cvename>
      <cvename>CVE-2022-4203</cvename>
      <cvename>CVE-2023-0215</cvename>
      <cvename>CVE-2022-4450</cvename>
      <cvename>CVE-2023-0216</cvename>
      <cvename>CVE-2023-0401</cvename>
      <url>https://www.openssl.org/news/secadv/20230207.txt</url>
    </references>
    <dates>
      <discovery>2023-02-07</discovery>
      <entry>2023-02-07</entry>
    </dates>
  </vuln>

  <vuln vid="c49a880d-a5bb-11ed-aab5-080027de9982">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py37-django32</name>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<range><lt>3.2.17</lt></range>
      </package>
      <package>
	<name>py38-django40</name>
	<name>py39-django40</name>
	<name>py310-django40</name>
	<range><lt>4.0.9</lt></range>
      </package>
      <package>
	<name>py38-django41</name>
	<name>py39-django41</name>
	<name>py310-django41</name>
	<range><lt>4.1.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2023/feb/01/security-releases/">
	  <p>CVE-2023-23969: Potential denial-of-service via Accept-Language headers.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-23969</cvename>
      <url>https://www.djangoproject.com/weblog/2023/feb/01/security-releases/</url>
    </references>
    <dates>
      <discovery>2023-02-01</discovery>
      <entry>2023-02-06</entry>
    </dates>
  </vuln>

  <vuln vid="01823528-a4c1-11ed-b6af-b42e991fc52e">
    <topic>kafka -- Denial Of Service vulnerability</topic>
    <affects>
      <package>
	<name>kafka</name>
	<range><lt>3.3.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NIST reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-36518">
	  <p>jackson-databind before 2.13.0 allows a Java StackOverflow
	    exception and denial of service via a large depth of nested
	    objects.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-36518</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2020-36518</url>
    </references>
    <dates>
      <discovery>2022-03-11</discovery>
      <entry>2023-02-04</entry>
    </dates>
  </vuln>

  <vuln vid="d835c54f-a4bd-11ed-b6af-b42e991fc52e">
    <topic>node_exporter -- bypass security with cache poisoning</topic>
    <affects>
      <package>
	<name>node_exporter</name>
	<range><lt>1.5.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Prometheus team reports:</p>
	<blockquote cite="https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p">
	<p>
	  Prometheus and its exporters can be secured by a web.yml file that
	  specifies usernames and hashed passwords for basic authentication.
	  Passwords are hashed with bcrypt, which means that even if you have
	  access to the hash, it is very hard to find the original password
	  back. Passwords are hashed with bcrypt, which means that even if you
	  have access to the hash, it is very hard to find the original
	  password back. However, a flaw in the way this mechanism was
	  implemented in the exporter toolkit makes it possible with people
	  who know the hashed password to authenticate against Prometheus.
	  A request can be forged by an attacker to poison the internal cache
	  used to cache the computation of hashes and make subsequent requests
	  successful. This cache is used in both happy and unhappy scenarios
	  in order to limit side channel attacks that could tell an attacker
	  if a user is present in the file or not.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-46146</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46146</url>
    </references>
    <dates>
      <discovery>2021-11-28</discovery>
      <entry>2023-02-04</entry>
    </dates>
  </vuln>

  <vuln vid="8dd438ed-a338-11ed-b48b-589cfc0f81b0">
    <topic>Asterisk -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>asterisk18</name>
	<range><lt>18.15.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories/">
	  <p>AST-2022-007: Remote Crash Vulnerability in H323 channel add on</p>
	  <p>AST-2022-008: Use after free in res_pjsip_pubsub.c</p>
	  <p>AST-2022-009: GetConfig AMI Action can read files outside of
	    Asterisk directory</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-37325</cvename>
      <cvename>CVE-2022-42705</cvename>
      <cvename>CVE-2022-42706</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-007.html</url>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-008.html</url>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-009.html</url>
    </references>
    <dates>
      <discovery>2022-12-01</discovery>
      <entry>2023-02-02</entry>
    </dates>
  </vuln>

  <vuln vid="c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18">
    <topic>Spotipy -- Path traversal vulnerability</topic>
    <affects>
      <package>
	<name>py37-spotipy</name>
	<name>py38-spotipy</name>
	<name>py39-spotipy</name>
	<name>py310-spotipy</name>
	<name>py311-spotipy</name>
	<range><le>2.22.0</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Stéphane Bruckert</p>
  <blockquote cite="https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v">
	  <p>If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-23608</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23608</url>
      <url>https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v</url>
    </references>
    <dates>
      <discovery>2023-01-16</discovery>
      <entry>2023-02-02</entry>
    </dates>
  </vuln>

  <vuln vid="2b5fc9c4-eaca-46e0-83d0-9b10c51c4b1b">
    <topic>zeek -- potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>5.0.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v5.0.6">
	  <p> A missing field in the SMB FSControl script-land record could
	  cause a heap buffer overflow when receiving packets containing
	  those header types. </p>
	  <p> Receiving a series of packets that start with HTTP/1.0
	  and then switch to HTTP/0.9 could cause Zeek to spend a
	  large amount of time processing the packets. </p>
	  <p> Receiving large numbers of FTP commands sequentially
	  from the network with bad data in them could cause Zeek
	  to spend a large amount of time processing the packets,
	  and generate a large amount of events. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v5.0.6</url>
    </references>
    <dates>
      <discovery>2023-02-01</discovery>
      <entry>2023-02-01</entry>
    </dates>
  </vuln>

  <vuln vid="ee890be3-a1ec-11ed-a81d-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.8.0</ge><lt>15.8.1</lt></range>
	<range><ge>15.7.0</ge><lt>15.7.6</lt></range>
	<range><ge>12.4.0</ge><lt>15.6.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/01/31/security-release-gitlab-15-8-1-released/">
	  <p>Denial of Service via arbitrarily large Issue descriptions</p>
	  <p>CSRF via file upload allows an attacker to take over a repository</p>
	  <p>Sidekiq background job DoS by uploading malicious CI job artifact zips</p>
	  <p>Sidekiq background job DoS by uploading a malicious Helm package</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3411</cvename>
      <cvename>CVE-2022-4138</cvename>
      <cvename>CVE-2022-3759</cvename>
      <cvename>CVE-2023-0518</cvename>
      <url>https://about.gitlab.com/releases/2023/01/31/security-release-gitlab-15-8-1-released/</url>
    </references>
    <dates>
      <discovery>2023-01-31</discovery>
      <entry>2023-02-01</entry>
    </dates>
  </vuln>

  <vuln vid="98f78c7a-a08e-11ed-946e-002b67dfc673">
    <topic>Plex Media Server -- security vulnerability</topic>
    <affects>
      <package>
	<name>plexmediaserver</name>
	<name>plexmediaserver-plexpass</name>
	<range><lt>1.25.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Plex Security Team reports:</p>
	<blockquote cite="https://forums.plex.tv/t/security-regarding-cve-2021-42835/761510">
	  <p>We have recently been made aware of a security vulnerability in Plex Media Server versions prior to 1.25.0 that could allow a local Windows user to obtain administrator privileges without authorization. To be clear, this required the user to already have local, physical access to the computer (just with a different user account on Windows). There are no indications that this exploit could be used from a remote machine.</p>
	  <p>Plex Media Server versions 1.25.0.5282 and newer are not subject to this vulnerability, and feature additional hardening to prevent similar issues from occurring in the future. Users running older server versions are encouraged to update their Plex Media Server installations.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-42835</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42835</url>
    </references>
    <dates>
      <discovery>2021-10-22</discovery>
      <entry>2023-01-30</entry>
    </dates>
  </vuln>

  <vuln vid="791a09c5-a086-11ed-954d-b42e991fc52e">
    <topic>prometheus2 -- basic authentication bypass</topic>
    <affects>
      <package>
	<name>prometheus</name>
	<range><lt>0.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Prometheus team reports:</p>
	<blockquote cite="https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p">
	<p>
	  Prometheus and its exporters can be secured by a web.yml file that
	  specifies usernames and hashed passwords for basic authentication.
	  Passwords are hashed with bcrypt, which means that even if you have
	  access to the hash, it is very hard to find the original password
	  back. Passwords are hashed with bcrypt, which means that even if you
	  have access to the hash, it is very hard to find the original
	  password back. However, a flaw in the way this mechanism was
	  implemented in the exporter toolkit makes it possible with people
	  who know the hashed password to authenticate against Prometheus.
	  A request can be forged by an attacker to poison the internal cache
	  used to cache the computation of hashes and make subsequent requests
	  successful. This cache is used in both happy and unhappy scenarios
	  in order to limit side channel attacks that could tell an attacker
	    if a user is present in the file or not.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-46146</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46146</url>
    </references>
    <dates>
      <discovery>2022-11-28</discovery>
      <entry>2023-01-30</entry>
    </dates>
  </vuln>

  <vuln vid="3d0a3eb0-9ca3-11ed-a925-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>109.0.5414.119</lt></range>
      </package>
      <package>
	<name>ungoogled-chromium</name>
	<range><lt>109.0.5414.119</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html">
	  <p>This release contains 6 security fixes, including:</p>
	  <ul>
	    <li>[1376354] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19</li>
	    <li>[1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06</li>
	    <li>[1404639] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03</li>
	    <li>[1400841] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0471</cvename>
      <cvename>CVE-2023-0472</cvename>
      <cvename>CVE-2023-0473</cvename>
      <cvename>CVE-2023-0474</cvename>
      <url>https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html</url>
    </references>
    <dates>
      <discovery>2023-01-24</discovery>
      <entry>2023-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="b0e1fa2b-9c86-11ed-9296-002b67dfc673">
    <topic>re2c -- uncontrolled recursion</topic>
    <affects>
      <package>
	<name>re2c</name>
	<range><lt>2.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>re2c reports:</p>
	<blockquote cite="https://github.com/advisories/GHSA-pgr8-gpgg-9j5m">
	  <p>re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2018-21232</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2018-21232</url>
    </references>
    <dates>
      <discovery>2022-05-24</discovery>
      <entry>2023-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="b8a0fea2-9be9-11ed-8acf-0800277bb8a8">
    <topic>gitea -- information disclosure</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.18.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22566">
	  <p>Prevent multiple To recipients: Change the mailer interface to
	    prevent leaking of possible hidden email addresses when sending
	    to multiple recipients.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.io/2023/01/gitea-1.18.3-is-released/</url>
    </references>
    <dates>
      <discovery>2022-01-22</discovery>
      <entry>2023-01-24</entry>
    </dates>
  </vuln>

  <vuln vid="7844789a-9b1f-11ed-9a3f-b42e991fc52e">
    <topic>net/krill -- DoS vulnerability</topic>
    <affects>
      <package>
	<name>krill</name>
	<range><lt>0.12.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0158">
	<p>
		NLnet Labs Krill supports direct access to the RRDP repository
		content through its built-in web server at the "/rrdp" endpoint.
		Prior to 0.12.1 a direct query for any existing directory under
		"/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml"
		as would be expected, causes Krill to crash. If the built-in "/rrdp"
		endpoint is exposed directly to the internet, then malicious remote
		parties can cause the publication server to crash. The repository
		content is not affected by this, but the availability of the server
		and repository can cause issues if this attack is persistent and is
		not mitigated. .
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0158</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0158</url>
    </references>
    <dates>
      <discovery>2023-01-10</discovery>
      <entry>2023-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="bba3f684-9b1d-11ed-9a3f-b42e991fc52e">
    <topic>www/awstats -- Partial absolute pathname</topic>
    <affects>
      <package>
	<name>awstats</name>
	<range><lt>7.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MITRE reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176">
	  <p>It seems #90 is not completely fixed in 7.8.
	    (that is, even after CVE-2017-1000501 and CVE-2020-29600 are fixed).
	  In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a
	  partial absolute pathname (omitting the initial /etc), even
	  though it was intended to only read a file in the /etc/awstats/awstats.conf format.
	  NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-35176</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176</url>
    </references>
    <dates>
      <discovery>2022-12-11</discovery>
      <entry>2023-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="b6f7ad7d-9b19-11ed-9a3f-b42e991fc52e">
    <topic>net/eternalterminal -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>eternalterminal</name>
	<range><lt>6.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mitre reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48257">
	  <p>etserver and etclient have predictable logfile names in
	    /tmp and they are world-readable logfiles</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-48257</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48257</url>
      <cvename>CVE-2022-48258</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48258</url>
    </references>
    <dates>
      <discovery>2023-01-13</discovery>
      <entry>2023-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="28b69630-9b10-11ed-97a6-6805ca2fa271">
    <topic>powerdns-recursor -- denial of service</topic>
    <affects>
      <package>
	<name>powerdns-recursor</name>
	<range><ge>4.8.0</ge><lt>4.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PowerDNS Team reports:</p>
	<blockquote cite="https://blog.powerdns.com/2023/01/20/security-advisory-2023-01-for-powerdns-recursor-4-8-0/">
	  <p>PowerDNS Security Advisory 2023-01: unbounded recursion results in program termination</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22617</cvename>
      <url>https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-01.html</url>
    </references>
    <dates>
      <discovery>2023-01-20</discovery>
      <entry>2023-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="a3b10c9b-99d9-11ed-aa55-d05099fed512">
	  <topic>shells/fish -- arbitrary code execution via git</topic>
    <affects>
      <package>
	<name>fish</name>
	<range><ge>3.1.0</ge><lt>3.4.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Peter Ammon reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2022-20001">
	<p>
		fish is a command line shell. fish version 3.1.0 through
		version 3.3.1 is vulnerable to arbitrary code execution.
		git repositories can contain per-repository
		configuration that change the behavior of git, including
		running arbitrary commands. When using the default
		configuration of fish, changing to a directory
		automatically runs git commands in order to display
		information about the current repository in the prompt.
		If an attacker can convince a user to change their
		current directory into one controlled by the attacker,
		such as on a shared file system or extracted archive,
		fish will run arbitrary commands under the attacker's
		control. This problem has been fixed in fish 3.4.0. Note
		that running git in these directories, including using
		the git tab completion, remains a potential trigger for
		this issue. As a workaround, remove the
		fish_git_prompt function from the prompt.
	    </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-20001</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20001</url>
    </references>
    <dates>
      <discovery>2021-12-26</discovery>
      <entry>2023-01-21</entry>
    </dates>
  </vuln>

  <vuln vid="dc49f6dc-99d2-11ed-86e9-d4c9ef517024">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql-connector-c++</name>
	<range><lt>8.0.33</lt></range>
      </package>
      <package>
	<name>mysql-connector-odbc</name>
	<range><lt>8.0.33</lt></range>
      </package>
      <package>
	<name>mysql-client57</name>
	<range><lt>5.7.42</lt></range>
      </package>
      <package>
	<name>mysql-server57</name>
	<range><lt>5.7.42</lt></range>
      </package>
      <package>
	<name>mysql-client80</name>
	<range><lt>8.0.33</lt></range>
      </package>
      <package>
	<name>mysql-server80</name>
	<range><lt>8.0.33</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL">
	  <p>This Critical Patch Update contains 37 new security patches for
	    Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable
	    without authentication, i.e., may be exploited over a network withouti
	    requiring user credentials.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-32221</cvename>
      <cvename>CVE-2022-24407</cvename>
      <cvename>CVE-2022-24407</cvename>
      <cvename>CVE-2022-3171</cvename>
      <cvename>CVE-2022-1941</cvename>
      <cvename>CVE-2023-21868</cvename>
      <cvename>CVE-2023-21860</cvename>
      <cvename>CVE-2023-21875</cvename>
      <cvename>CVE-2023-21869</cvename>
      <cvename>CVE-2023-21877</cvename>
      <cvename>CVE-2023-21880</cvename>
      <cvename>CVE-2023-21872</cvename>
      <cvename>CVE-2023-21871</cvename>
      <cvename>CVE-2023-21836</cvename>
      <cvename>CVE-2023-21887</cvename>
      <cvename>CVE-2023-21863</cvename>
      <cvename>CVE-2023-21864</cvename>
      <cvename>CVE-2023-21865</cvename>
      <cvename>CVE-2023-21866</cvename>
      <cvename>CVE-2023-21867</cvename>
      <cvename>CVE-2023-21870</cvename>
      <cvename>CVE-2023-21873</cvename>
      <cvename>CVE-2023-21876</cvename>
      <cvename>CVE-2023-21878</cvename>
      <cvename>CVE-2023-21879</cvename>
      <cvename>CVE-2023-21881</cvename>
      <cvename>CVE-2023-21883</cvename>
      <cvename>CVE-2023-21840</cvename>
      <cvename>CVE-2023-21882</cvename>
      <cvename>CVE-2023-21874</cvename>
      <url>https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL</url>
    </references>
    <dates>
      <discovery>2023-01-20</discovery>
      <entry>2023-01-21</entry>
    </dates>
  </vuln>

  <vuln vid="005dfb48-990d-11ed-b9d3-589cfc0f81b0">
    <topic>phpmyfaq -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><lt>3.1.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2022-10-24">
	  <p>phpMyFAQ does not implement sufficient checks to avoid a stored
	    XSS in "Add new question"</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid a stored XSS
	    in admin user page</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid a stored XSS
	    in FAQ comments</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid a blind
	    stored XSS in admin open question page</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid a reflected
	    XSS in the admin backend login</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid stored XSS
	    on user, category, FAQ, news and configuration admin backend</p>
	  <p>phpMyFAQ does not implement sufficient checks to avoid weak passwords</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde/</url>
      <url>https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215/</url>
      <url>https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69/</url>
      <url>https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a/</url>
      <url>https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6/</url>
      <url>https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9/</url>
      <url>https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857/</url>
      <url>https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67/</url>
      <url>https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256/</url>
    </references>
    <dates>
      <discovery>2023-01-15</discovery>
      <entry>2023-01-20</entry>
    </dates>
  </vuln>

  <vuln vid="95176ba5-9796-11ed-bfbf-080027f5fec9">
    <topic>rack -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>rubygem-rack</name>
	<range><lt>3.0.4.1,3</lt></range>
      </package>
      <package>
	<name>rubygem-rack22</name>
	<range><lt>2.2.6.2,3</lt></range>
      </package>
      <package>
	<name>rubygem-rack16</name>
	<range><lt>1.6.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Aaron Patterson reports:</p>
	<blockquote cite="https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md">
	  <dl>
	    <dt>CVE-2022-44570</dt>
	    <dd>
	      Carefully crafted input can cause the Range header
	      parsing component in Rack to take an unexpected amount
	      of time, possibly resulting in a denial of service
	      attack vector. Any applications that deal with Range
	      requests (such as streaming applications, or
	      applications that serve files) may be impacted.
	    </dd>
	    <dt>CVE-2022-44571</dt>
	    <dd>
	      Carefully crafted input can cause Content-Disposition
	      header parsing in Rack to take an unexpected amount of
	      time, possibly resulting in a denial of service attack
	      vector. This header is used typically used in multipart
	      parsing. Any applications that parse multipart posts
	      using Rack (virtually all Rails applications) are
	      impacted.
	    </dd>
	    <dt>CVE-2022-44572</dt>
	    <dd>
	      Carefully crafted input can cause RFC2183 multipart
	      boundary parsing in Rack to take an unexpected amount of
	      time, possibly resulting in a denial of service attack
	      vector. Any applications that parse multipart posts
	      using Rack (virtually all Rails applications) are
	      impacted.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-44570</cvename>
      <cvename>CVE-2022-44571</cvename>
      <cvename>CVE-2022-44572</cvename>
      <url>https://github.com/rack/rack/blob/v3.0.4.1/CHANGELOG.md</url>
      <url>https://github.com/advisories/GHSA-65f5-mfpf-vfhj</url>
      <url>https://github.com/advisories/GHSA-93pm-5p5f-3ghx</url>
      <url>https://github.com/advisories/GHSA-rqv2-275x-2jq5</url>
    </references>
    <dates>
      <discovery>2023-01-17</discovery>
      <entry>2023-01-19</entry>
    </dates>
  </vuln>

  <vuln vid="00919005-96a3-11ed-86e9-d4c9ef517024">
    <topic>Apache httpd -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.55</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache httpd project reports:</p>
	<blockquote cite="https://downloads.apache.org/httpd/CHANGES_2.4.55">
	  <p>mod_dav out of bounds read, or write of zero byte (CVE-2006-20001)
	    (moderate)</p>
	  <p>mod_proxy_ajp Possible request smuggling (CVE-2022-36760) (moderate)</p>
	  <p>mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response
	    splitting (CVE-2022-37436) (moderate)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-37436</cvename>
      <cvename>CVE-2022-36760</cvename>
      <cvename>CVE-2006-20001</cvename>
      <url>https://downloads.apache.org/httpd/CHANGES_2.4.55</url>
    </references>
    <dates>
      <discovery>2023-01-17</discovery>
      <entry>2023-01-17</entry>
    </dates>
  </vuln>

  <vuln vid="5fa68bd9-95d9-11ed-811a-080027f5fec9">
    <topic>redis -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>7.0.8</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.0.8.20230116</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><lt>6.2.9</lt></range>
      </package>
      <package>
	<name>redis6</name>
	<range><lt>6.0.17</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Redis core team reports:</p>
	<blockquote cite="https://github.com/redis/redis/releases/tag/7.0.8">
	  <dl>
	    <dt>CVE-2022-35977</dt>
	    <dd>
	      Integer overflow in the Redis SETRANGE and SORT/SORT_RO
	      commands can drive Redis to OOM panic.
	    </dd>
	    <dt>CVE-2023-22458</dt>
	    <dd>
	      Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
	      commands can lead to denial-of-service.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-35977</cvename>
      <cvename>CVE-2023-22458</cvename>
      <url>https://github.com/redis/redis/releases/tag/7.0.8</url>
    </references>
    <dates>
      <discovery>2023-01-16</discovery>
      <entry>2023-01-16</entry>
    </dates>
  </vuln>

  <vuln vid="9d9e9439-959e-11ed-b464-b42e991fc52e">
    <topic>security/keycloak -- Multiple possible DoS attacks</topic>
    <affects>
      <package>
	<name>keycloak</name>
	<range><lt>20.0.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>CIRCL reports:</p>
	<blockquote cite="https://cve.circl.lu/cve/CVE-2022-41966">
	    <ul>
	      <li>CVE-2022-41966: XStream serializes Java objects to XML
	      and back again.
	      Versions prior to 1.4.20 may allow a remote attacker
	      to terminate the application with a stack
	      overflow error, resulting in a denial of
	      service only via manipulation the
	      processed input stream.
	      </li>
	      <li>CVE-2022-40151: If the parser is running on user
	      supplied input, an attacker may supply content that
	      causes the parser to crash by stackoverflow. This
	      effect may support a denial of service attack.
	      </li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-40151</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40151</url>
      <cvename>CVE-2022-41966</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41966</url>
    </references>
    <dates>
      <discovery>2022-09-07</discovery>
      <entry>2023-01-16</entry>
    </dates>
  </vuln>

  <vuln vid="847f16e5-9406-11ed-a925-3065ec8fd3ec">
    <topic>security/tor -- SOCKS4(a) inversion bug</topic>
    <affects>
      <package>
	<name>tor</name>
	<range><lt>0.4.7.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Tor Project reports:</p>
	<blockquote cite="https://gitlab.torproject.org/tpo/core/tor/-/issues/40730">
	  <p>TROVE-2022-002: The SafeSocks option for SOCKS4(a) is inverted leading to SOCKS4 going through</p>
	  <p>This is a report from hackerone:<br/>
	     We have classified this as medium considering that tor was not defending in-depth for dangerous SOCKS request and so any user relying on SafeSocks 1 to make sure they don't link DNS leak and their Tor traffic wasn't safe afterall for SOCKS4(a).
	     Tor Browser doesn't use SafeSocks 1 and SOCKS4 so at least the likely vast majority of users are not affected.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://hackerone.com/bugs?subject=torproject&amp;report_id=1784589</url>
      <url>https://gitlab.torproject.org/tpo/core/tor/-/issues/40730</url>
    </references>
    <dates>
      <discovery>2023-01-12</discovery>
      <entry>2023-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="76e2fcce-92d2-11ed-a635-080027f5fec9">
    <topic>emacs -- arbitary shell command execution vulnerability of ctags</topic>
    <affects>
      <package>
	<name>emacs</name>
	<name>emacs-canna</name>
	<name>emacs-nox</name>
	<range><lt>28.2_2,3</lt></range>
      </package>
      <package>
	<name>emacs-devel</name>
	<name>emacs-devel-nox</name>
	<range><lt>30.0.50.202211128,2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>lu4nx reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2022-45939">
	  <p>
	    GNU Emacs through 28.2 allows attackers to execute
	    commands via shell metacharacters in the name of a
	    source-code file, because lib-src/etags.c uses the system
	    C library function in its implementation of the ctags
	    program. For example, a victim may use the "ctags *"
	    command (suggested in the ctags documentation) in a
	    situation where the current working directory has contents
	    that depend on untrusted input.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-45939</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-45939</url>
    </references>
    <dates>
      <discovery>2022-11-28</discovery>
      <entry>2023-01-12</entry>
    </dates>
  </vuln>

  <vuln vid="53caf29b-9180-11ed-acbe-b42e991fc52e">
    <topic>cassandra3 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>cassandra3</name>
	<range><lt>3.11.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cassandra tema reports:</p>
	<blockquote cite="https://gitbox.apache.org/repos/asf?p=cassandra.git;a=blob_plain;f=CHANGES.txt;hb=refs/tags/cassandra-3.11.14">
	  <p>This release contains 6 security fixes including</p>
	  <ul>
	      <li>CVE-2022-24823: When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory</li>
	      <li>CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header.</li>
	      <li>CVE-2019-2684: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE</li>
	      <li>CVE-2022-25857: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.</li>
	      <li>CVE-2022-42003: In FasterXML jackson-databind, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.</li>
	      <li>CVE-2022-42004: In FasterXML jackson-databind, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24823</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24823</url>
      <cvename>CVE-2020-7238</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238</url>
      <cvename>CVE-2019-2684</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684</url>
      <cvename>CVE-2022-25857</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857</url>
      <cvename>CVE-2022-42003</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003</url>
      <cvename>CVE-2022-42004</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004</url>
    </references>
    <dates>
      <discovery>2023-01-11</discovery>
      <entry>2023-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="60624f63-9180-11ed-acbe-b42e991fc52e">
    <topic>cassandra3 -- arbitrary code execution</topic>
    <affects>
      <package>
	<name>cassandra3</name>
	<range><lt>3.11.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Marcus Eriksson reports:</p>
	<blockquote cite="https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356">
	  <p>
	  When running Apache Cassandra with
	  the following configuration:
	  enable_user_defined_functions: true
	  enable_scripted_user_defined_functions: true
	  enable_user_defined_functions_threads: false
	  it is possible for an attacker to execute arbitrary code on
	  the host. The attacker would need to have enough permissions
	  to create user defined functions in the cluster to be able
	  to exploit this.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44521</cvename>
      <url>https://www.cvedetails.com/cve/CVE-2021-44521</url>
    </references>
    <dates>
      <discovery>2022-02-11</discovery>
      <entry>2023-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="b3fd12ea-917a-11ed-acbe-b42e991fc52e">
    <topic>cassandra3 -- jBCrypt integer overflow</topic>
    <affects>
      <package>
	<name>cassandra3</name>
	<range><lt>3.11.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>mindrot project reports:</p>
	<blockquote cite="http://www.mindrot.org/projects/jBCrypt/news/rel04.html">
	  <p>There is an integer overflow that
	  occurs with very large log_rounds values, first reported by
	  Marcus Rathsfeld.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2015-0886</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0886</url>
    </references>
    <dates>
      <discovery>2015-01-30</discovery>
      <entry>2023-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="9fa7b139-c1e9-409e-bed0-006aadcf5845">
    <topic>xorg-server -- Multiple security issues in X server extensions</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<name>xephyr</name>
	<name>xorg-vfbserver</name>
	<range><lt>21.1.5,1</lt></range>
      </package>
      <package>
	<name>xorg-nestserver</name>
	<range><lt>21.1.5,2</lt></range>
      </package>
      <package>
	<name>xwayland</name>
	<range><lt>22.1.6,1</lt></range>
      </package>
      <package>
	<name>xwayland-devel</name>
	<range><lt>21.0.99.1.319</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The X.org project reports:</p>
	<blockquote cite="https://lists.x.org/archives/xorg-announce/2022-December/003302.html">
	  <ul>
	    <li>CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack
	    overflow

	    <p>The swap handler for the XTestFakeInput request of the XTest extension
	    may corrupt the stack if GenericEvents with lengths larger than 32 bytes
	    are sent through a the XTestFakeInput request.</p>

	    <p>This issue does not affect systems where client and server use the same
	    byte order.</p></li>

	    <li>CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab
	    out-of-bounds access

	    <p>The handler for the XIPassiveUngrab request accesses out-of-bounds
	    memory when invoked with a high keycode or button code.</p></li>

	    <li>CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify
	    use-after-free

	    <p>The handler for the XvdiSelectVideoNotify request may write to memory
	    after it has been freed.</p></li>

	    <li>CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes
	    use-after-free

	    <p>The handler for the ScreenSaverSetAttributes request may write to memory
	    after it has been freed.</p></li>

	    <li>CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty
	    out-of-bounds access

	    <p>The handler for the XIChangeProperty request has a length-validation
	    issues, resulting in out-of-bounds memory reads and potential
	    information disclosure.</p></li>

	    <li>CVE-2022-4283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free

	    <p>The XkbCopyNames function left a dangling pointer to freed memory,
	    resulting in out-of-bounds memory access on subsequent XkbGetKbdByName
	    requests.</p></li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.x.org/archives/xorg-announce/2022-December/003302.html</url>
      <cvename>CVE-2022-46340</cvename>
      <cvename>CVE-2022-46341</cvename>
      <cvename>CVE-2022-46342</cvename>
      <cvename>CVE-2022-46343</cvename>
      <cvename>CVE-2022-46344</cvename>
      <cvename>CVE-2022-4283</cvename>
    </references>
    <dates>
      <discovery>2022-12-14</discovery>
      <entry>2023-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="3a023570-91ab-11ed-8950-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.7.0</ge><lt>15.7.2</lt></range>
	<range><ge>15.6.0</ge><lt>15.6.4</lt></range>
	<range><ge>6.6.0</ge><lt>15.5.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/">
	  <p>Race condition on gitlab.com enables verified email forgery and third-party account hijacking</p>
	  <p>DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint</p>
	  <p>Maintainer can leak sentry token by changing the configured URL</p>
	  <p>Maintainer can leak masked webhook secrets by changing target URL of the webhook</p>
	  <p>Cross-site scripting in wiki changes page affecting self-hosted instances running without strict CSP</p>
	  <p>Group access tokens continue to work after owner loses ability to revoke them</p>
	  <p>Users' avatar disclosure by user ID in private GitLab instances</p>
	  <p>Arbitrary Protocol Redirection in GitLab Pages</p>
	  <p>Regex DoS due to device-detector parsing user agents</p>
	  <p>Regex DoS in the Submodule Url Parser</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-4037</cvename>
      <cvename>CVE-2022-3613</cvename>
      <cvename>CVE-2022-4365</cvename>
      <cvename>CVE-2022-4342</cvename>
      <cvename>CVE-2022-3573</cvename>
      <cvename>CVE-2022-4167</cvename>
      <cvename>CVE-2022-3870</cvename>
      <cvename>CVE-2023-0042</cvename>
      <cvename>CVE-2022-4131</cvename>
      <cvename>CVE-2022-3514</cvename>
      <url>https://about.gitlab.com/releases/2023/01/09/security-release-gitlab-15-7-2-released/</url>
    </references>
    <dates>
      <discovery>2023-01-09</discovery>
      <entry>2023-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="7b929503-911d-11ed-a925-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>109.0.5414.74</lt></range>
      </package>
      <package>
	<name>ungoogled-chromium</name>
	<range><lt>109.0.5414.74</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html">
	  <p>This release contains 17 security fixes, including:</p>
	  <ul>
	    <li>[1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16</li>
	    <li>[1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07</li>
	    <li>[1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30</li>
	    <li>[1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28</li>
	    <li>[1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05</li>
	    <li>[1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17</li>
	    <li>[1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17</li>
	    <li>[1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18</li>
	    <li>[1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26</li>
	    <li>[1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10</li>
	    <li>[1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23</li>
	    <li>[1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24</li>
	    <li>[1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18</li>
	    <li>[1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-0128</cvename>
      <cvename>CVE-2023-0129</cvename>
      <cvename>CVE-2023-0130</cvename>
      <cvename>CVE-2023-0131</cvename>
      <cvename>CVE-2023-0132</cvename>
      <cvename>CVE-2023-0133</cvename>
      <cvename>CVE-2023-0134</cvename>
      <cvename>CVE-2023-0135</cvename>
      <cvename>CVE-2023-0136</cvename>
      <cvename>CVE-2023-0137</cvename>
      <cvename>CVE-2023-0138</cvename>
      <cvename>CVE-2023-0139</cvename>
      <cvename>CVE-2023-0140</cvename>
      <cvename>CVE-2023-0141</cvename>
      <url>https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2023-01-10</discovery>
      <entry>2023-01-10</entry>
    </dates>
  </vuln>

  <vuln vid="59c284f4-8d2e-11ed-9ce0-b42e991fc52e">
    <topic>net-mgmt/cacti is vulnerable to remote command injection</topic>
    <affects>
      <package>
	<name>cacti</name>
	<range><lt>1.2.23</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>cacti team reports:</p>
	<blockquote cite="https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf">
	<p>
	    A command injection vulnerability allows an
	    unauthenticated user to execute arbitrary code on a server
	    running Cacti, if a specific data source was selected for
	    any monitored device.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-46169</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-46169</url>
    </references>
    <dates>
      <discovery>2022-12-05</discovery>
      <entry>2023-01-05</entry>
      <modified>2023-01-09</modified>
    </dates>
  </vuln>

  <vuln vid="541696ed-8d12-11ed-af80-ecf4bbc0bda0">
    <topic>devel/viewvc-devel is vulnerable to cross-site scripting</topic>
    <affects>
      <package>
	<name>py37-viewvc-devel</name>
	<name>py38-viewvc-devel</name>
	<name>py39-viewvc-devel</name>
	<range><lt>1.3.0.20230104</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>C. Michael Pilato reports:</p>
	<blockquote cite="https://github.com/viewvc/viewvc/releases/tag/1.1.30">
	  <p>security fix: escape revision view copy paths (#311) [CVE-2023-22464]</p>
	</blockquote>
	<blockquote cite="https://github.com/viewvc/viewvc/releases/tag/1.1.29">
	  <p>security fix: escape revision view changed paths (#311) [CVE-2023-22456]</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2023-22464</cvename>
      <cvename>CVE-2023-22456</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22464</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-22456</url>
    </references>
    <dates>
      <discovery>2023-01-04</discovery>
      <entry>2023-01-05</entry>
    </dates>
  </vuln>

  <vuln vid="5b2eac07-8b4d-11ed-8b23-a0f3c100ae18">
    <topic>rxvt-unicode is vulnerable to a remote code execution</topic>
    <affects>
      <package>
	<name>rxvt-unicode</name>
	<range><lt>9.31</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Marc Lehmann reports:</p>
	<blockquote cite="http://lists.schmorp.de/pipermail/rxvt-unicode/2023q1/002638.html">
	  <p>The biggest issue is resolving CVE-2022-4170, which allows command
	     execution inside urxvt from within the terminal (that means anything that
	     can output text in the terminal can start commands in the context of the
	     urxvt process, even remotely).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-4170</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-4170</url>
    </references>
    <dates>
      <discovery>2022-12-05</discovery>
      <entry>2023-01-03</entry>
    </dates>
  </vuln>

  <vuln vid="86c330fe-bbae-4ca7-85f7-5321e627a4eb">
    <topic>gitea -- multiple issues</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.18.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/22219">
	  <p>Remove ReverseProxy authentication from the API</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/21139">
	  <p>Support Go Vulnerability Management</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/20935">
	  <p>Forbid HTML string tooltips</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.io/2022/12/gitea-1.18.0-is-released/</url>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.18.0</url>
    </references>
    <dates>
      <discovery>2022-08-23</discovery>
      <entry>2023-01-02</entry>
    </dates>
  </vuln>