diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 8aeb8c6e8caa..a435871a86b5 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,125 +1,125 @@ - net-mgmt/cacti is vulnerable to remote command injection + net-mgmt/cacti is vulnerable to remote command injection cacti 1.2.23

cacti team reports:

-

+

A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. -

+

CVE-2022-46169 https://nvd.nist.gov/vuln/detail/CVE-2022-46169 - 12/05/2022 + 2022-12-05 2023-01-05 + 2023-01-09
devel/viewvc-devel is vulnerable to cross-site scripting py37-viewvc-devel py38-viewvc-devel py39-viewvc-devel 1.3.0-20230104

C. Michael Pilato reports:

security fix: escape revision view copy paths (#311) [CVE-2023-22464]

security fix: escape revision view changed paths (#311) [CVE-2023-22456]

CVE-2023-22464 CVE-2023-22456 https://nvd.nist.gov/vuln/detail/CVE-2023-22464 https://nvd.nist.gov/vuln/detail/CVE-2023-22456 2023-01-04 2023-01-05
rxvt-unicode is vulnerable to a remote code execution rxvt-unicode 9.31

Marc Lehmann reports:

The biggest issue is resolving CVE-2022-4170, which allows command execution inside urxvt from within the terminal (that means anything that can output text in the terminal can start commands in the context of the urxvt process, even remotely).

CVE-2022-4170 https://nvd.nist.gov/vuln/detail/CVE-2022-4170 2022-12-05 2023-01-03
gitea -- multiple issues gitea 1.18.0

The Gitea team reports:

Remove ReverseProxy authentication from the API

Support Go Vulnerability Management

Forbid HTML string tooltips

https://blog.gitea.io/2022/12/gitea-1.18.0-is-released/ https://github.com/go-gitea/gitea/releases/tag/v1.18.0 2022-08-23 2023-01-02
-
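Review bot: In the cacti entry, the removed and added topic lines ("net-mgmt/cacti is vulnerable to remote command injection") and the empty `-`/`+` pairs around the description read identically, so whitespace-only churn is mixed into the same hunk as the one substantive fix, the discovery date going from `12/05/2022` to `2022-12-05`. Splitting the whitespace cleanup from the date correction, or naming both in the commit message, would make the correction easier to audit. The added `2023-01-09` follows the entry date `2023-01-05`, while the other entries in view (viewvc-devel, rxvt-unicode, gitea) carry only two dates, so confirm it is meant as this entry's modification date for the date-format fix and that no other entry in the file still uses the MM/DD/YYYY form.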