| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.47 2023/10/14 09:40:47 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.48 2023/10/16 10:28:51 he Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -23585,27 +23585,27 @@ php81-mysql<8.1.7 remote-code-execution | | | @@ -23585,27 +23585,27 @@ php81-mysql<8.1.7 remote-code-execution |
23585 | php{56,74,80,81}-nextcloud<23.0.3 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-29163 | | 23585 | php{56,74,80,81}-nextcloud<23.0.3 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-29163 |
23586 | php{56,74,80,81}-nextcloud<23.0.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-29243 | | 23586 | php{56,74,80,81}-nextcloud<23.0.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-29243 |
23587 | php{56,74,80,81}-owncloud<10.10.0 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-31649 | | 23587 | php{56,74,80,81}-owncloud<10.10.0 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-31649 |
23588 | php74-pgsql<7.4.30 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-31625 | | 23588 | php74-pgsql<7.4.30 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-31625 |
23589 | php80-pgsql<8.0.20 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-31625 | | 23589 | php80-pgsql<8.0.20 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-31625 |
23590 | php81-pgsql<8.1.7 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-31625 | | 23590 | php81-pgsql<8.1.7 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-31625 |
23591 | php{56,74,80,81}-piwigo<2.10.0 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2020-19212 | | 23591 | php{56,74,80,81}-piwigo<2.10.0 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2020-19212 |
23592 | php{56,74,80,81}-piwigo<2.10.0 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2020-19213 | | 23592 | php{56,74,80,81}-piwigo<2.10.0 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2020-19213 |
23593 | php{56,74,80,81}-piwigo<2.10.0 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2020-19215 | | 23593 | php{56,74,80,81}-piwigo<2.10.0 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2020-19215 |
23594 | php{56,74,80,81}-piwigo<2.10.0 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2021-40317 | | 23594 | php{56,74,80,81}-piwigo<2.10.0 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2021-40317 |
23595 | php{56,74,80,81}-piwigo-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2021-40678 | | 23595 | php{56,74,80,81}-piwigo-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2021-40678 |
23596 | pidgin<2.14.9 man-in-the-middle-attack https://nvd.nist.gov/vuln/detail/CVE-2022-26491 | | 23596 | pidgin<2.14.9 man-in-the-middle-attack https://nvd.nist.gov/vuln/detail/CVE-2022-26491 |
23597 | poppler<22.04.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-27337 | | 23597 | poppler<22.04.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-27337 |
23598 | protobuf-c-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33070 | | 23598 | protobuf-c<=1.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33070 |
23599 | py{27,36,37,38,39,310}-JWT<2.4.0 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-29217 | | 23599 | py{27,36,37,38,39,310}-JWT<2.4.0 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-29217 |
23600 | py{27,36,37,38,39,310}-Pillow<9.1.1 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30595 | | 23600 | py{27,36,37,38,39,310}-Pillow<9.1.1 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30595 |
23601 | py{27,36,37,38,39,310}-aiohttp-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33124 | | 23601 | py{27,36,37,38,39,310}-aiohttp-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33124 |
23602 | py{27,36,37,38,39,310}-bottle<0.12.20 unspecified https://nvd.nist.gov/vuln/detail/CVE-2022-31799 | | 23602 | py{27,36,37,38,39,310}-bottle<0.12.20 unspecified https://nvd.nist.gov/vuln/detail/CVE-2022-31799 |
23603 | py{27,36,37,38,39,310}-cookiecutter<2.1.1 shell-command-injection https://nvd.nist.gov/vuln/detail/CVE-2022-24065 | | 23603 | py{27,36,37,38,39,310}-cookiecutter<2.1.1 shell-command-injection https://nvd.nist.gov/vuln/detail/CVE-2022-24065 |
23604 | py{27,36,37,38,39,310}-flower-[0-9]* authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-30034 | | 23604 | py{27,36,37,38,39,310}-flower-[0-9]* authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-30034 |
23605 | py{27,36,37,38,39,310}-ldap3<3.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46823 | | 23605 | py{27,36,37,38,39,310}-ldap3<3.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46823 |
23606 | py{27,36,37,38,39,310}-notebook<6.4.12 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-29238 | | 23606 | py{27,36,37,38,39,310}-notebook<6.4.12 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-29238 |
23607 | py{27,36,37,38,39,310}-octoprint<1.8.0 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-1430 | | 23607 | py{27,36,37,38,39,310}-octoprint<1.8.0 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-1430 |
23608 | py{27,36,37,38,39,310}-octoprint<1.8.0 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-1432 | | 23608 | py{27,36,37,38,39,310}-octoprint<1.8.0 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-1432 |
23609 | py{27,36,37,38,39,310}-waitress>=2.1.0<2.1.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31015 | | 23609 | py{27,36,37,38,39,310}-waitress>=2.1.0<2.1.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31015 |
23610 | qemu<7.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-3750 | | 23610 | qemu<7.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-3750 |
23611 | radare2<5.5.4 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2021-44974 | | 23611 | radare2<5.5.4 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2021-44974 |
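Review bot: The new pattern on line 23598, `protobuf-c<=1.4.0`, will probably stop matching PKGREVISION-bumped builds of the same upstream release, because pkgsrc version comparison orders `1.4.0nb1` above `1.4.0`. Such packages would still carry CVE-2022-33070 but would silently drop out of the vulnerability audit output, which is a false negative. The neighbouring entries use an exclusive bound on the first fixed release (`poppler<22.04.0`, `qemu<7.0.0`), so the safer form is `protobuf-c<FIRST_FIXED_VERSION`. That is a placeholder: the fixed version is not shown on this page and should be confirmed against the upstream advisory.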