security/vuxml: Mark zeek < 5.0.6 as vulnerable as per:

    https://github.com/zeek/zeek/releases/tag/v5.0.6

This release fixes the following potential DoS vulnerabilities:

 - A missing field in the SMB FSControl script-land record could
   cause a heap buffer overflow when receiving packets containing
   those header types.

 - Receiving a series of packets that start with HTTP/1.0 and then
   switch to HTTP/0.9 could cause Zeek to spend a large amount of
   time processing the packets.

 - Receiving large numbers of FTP commands sequentially from the
   network with bad data in them could cause Zeek to spend a large
   amount of time processing the packets, and generate a large
   amount of events.

Reported by:	Tim Wojtulewicz

security/vuxml: document gitlab vulnerabilities

security/vuxml: Document CVE-2021-42835 for
multimedia/plexmediaserver{-plexpass} < 1.25.0

PR:		269226
Reported by:	grahamperrin

security/vuxml: add net-mgmt/prometheus basic authentication bypass

CVE-2022-46146

PR:	269153
Reported by:	dor.bsd@xm0.uk (maintainer)

security/vuxml: add www/*chromium < 109.0.5414.119

Obtained
from:	https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html

security/vuxml: Document CVE-2018-21232 for devel/re2c < 2.0

PR:		269147
Reported by:	grahamperrin

security/vuxml: Record gitea vulnerability

PR:		269131

security/vuxml: register dns/powerdns-recursor vulnerability

CVE-2023-22617

PR:	269116

security/vuxml: register net/krill DoS vulnerability

CVE-2023-0158

PR:	269050

security/vuxml: register www/awstats vulnerability

PR:	269051

security/vuxml: register net/eternalterminal vulnerabilities

CVE-2022-48257 and CVE-2022-48258

PR:	269079

security/vuln: Fix file

It didn't pass `make validate`.

security/vuxml: register shells/fish vulnerability

Arbitrary code execution if the attacker can convince the user to cd to
a directory the attacker controls.

CVE-2022-20001

PR: 263506

security/vuxml: Document 2023Q1 MySQL vulns

security/vuxml: Document vulnerabilities in phpmyfaq

security/vuxml: Document multiple vulnerabilities in rack

security/vuxml: Add redis6 as affecting package to
5fa68bd9-95d9-11ed-811a-080027f5fec9

security/vuxml: Document www/apache24 vulnerabilities

security/vuxml: Document multiple vulnerabilities in redis

security/vuxml: register security/keycloak vulnerability

Two Xstream related CVEs that might cause a DoS attack:

 * CVE-2022-40151
 * CVE-2022-41966

PR:	268939

security/vuxml: add security/tor < 0.4.7.13 for TROVE-2022-002

Obtained from:	https://gitlab.torproject.org/tpo/core/tor/-/issues/40730

security/vuxml: Correct range for devel/viewvc-devel

Changing a - to a . in the version

PR:		268754

security/vuxml: Document arbitary shell command execution vulnerability in Emacs

security/vuxml: cassandra3 multiple vulnerabilities

CVE-2022-42003
CVE-2022-4200
CVE-2022-25857
CVE-2019-2684
CVE-2020-7238
CVE-2022-24823
CVE-2021-44521
CVE-2015-0886

PR:	267624

security/vuxml: mark xorg-server < 21.1.5,1 as vulnerable

security/vuxml: document gitlab-ce vulnerabilities

security/vuxml: add www/*chromium < 109.0.5414.74

Obtained
from:	https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html

security/vuxml: Fix `make validate`

PR:		268837

security/vuxml: Add 2023 to the main XML file

PR:		268837

security/vuxml: Add net-mgmt/cacti vulnerability

A command injection vulnerability allows an unauthenticated user to execute
arbitrary code on a server running Cacti, if a specific data source was selected
for any monitored device.

PR:	268742

security/vuxml: amend entry adding CVE-2023-22456 in devel/viewvc-devel

PR:		268754
Security:	CVE-2023-22456

security/vuxml: add an entry for CVE-2023-22464 in devel/viewvc-devel

Security:	CVE-2023-22464

security/vuxml: add an entry for CVE-2022-4170 in x11/rxvt-unicode

Security:	CVE-2022-4170

security/vuxml: Document Gitea multiple vulnerabilities

PR:		268667

security/vuxml: Remove the uncorrect <cvsname> line in my previous commit

security/vuxml: Document Webtrees vulnerability

PR:		267466

security/vuxml: Document mediawiki multiple vulnerabilities

security/vuxml: Document Netdata multiple vulnerabilities

security/vuxml: Document FreeRDP multiple vulnerabilities

PR:		268539

security/vuxml: Document Gitea multiple vulnerabilities

PR:		268512

VuXML: fix typo in 2021 entry for accountsservice

Fixes:                 d227a2fea96e Document accountsservice vulnerability
Approved by:           ports-secteam (riggs)
Differential revision: https://reviews.freebsd.org/D37721

security/vuxml: Document typo3 multiple vulnerabilities

security/vuxml: add www/*chromium < 108.0.5359.124

Obtained
from:	https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html

security/vuxml: Document multiple vulnerabilities in cURL.

security/vuxml: Document vulnerabilities in phpmyfaq

security/vuxml: Document vulnerabilities in net/traefik

security/vuxml: Make `make validate` pass again

security/vuxml: Document multiple xrdp vulnerabilities

Obrained from:	https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21

security/vuxml: Document python3[7-9] multiple vulnerabilities

security/vuxml: Document python310 multiple vulnerabilities

security/vuxml: Document python-3.11 vulnerabilities

security/vuxml: Document Go vulnerabilities

security/vuxml: Adjust range of 84ab03b6-6c20-11ed-b519-080027f5fec9

Vulnerability of Ruby 3.2 is fixed with 3.2.0-rc1.

security/vuxml: add www/*chromium < 108.0.5359.94

Obtained
from:	https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html

security/vuxml: Record rpm4 vulnerability.

Add multiple CVE fixed in latest rpm4 version.
PR:		267291

security/vuxml: Record grafana9 vulnerability.

Add privilege escalation for CVE-2022-31097.
PR:	268078

security/vuxml: document gitlab vulnerabilities

security/vuxml: add www/chromium < 108.0.5359.71

Obtained
from:	https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html

security/vuxml: add www/chromium < 107.0.5304.121

Obtained
from:	https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html

security/vuxml: Document HTTP response splitting vulnerability in rubygem-cgi

security/vuxml: Mark zeek < 5.0.4 as vulnerable as per:

    https://github.com/zeek/zeek/releases/tag/v5.0.4

This release fixes the following potential DoS vulnerabilities:

 - A specially-crafted series of HTTP 0.9 packets can cause Zeek
   to spend large amounts of time processing the packets.

 - A specially-crafted FTP packet can cause Zeek to spend large
   amounts of time processing the command.

 - A specially-crafted IPv6 packet can cause Zeek to overflow memory
   and potentially crash.

Reported by:	Tim Wojtulewicz

security/vuxml: Add multiple CVEs for advancecomp

PR:	267937

security/vuxml: Document vulnerability for security/tailscale

security/vuxml: Document Apache Tomcat vulnerability

 * CVE-2022-42252 Apache Tomcat - Request Smuggling

PR:		266984

security/vuxml: Add the krb5 1.19 vulnerable range

security/vuxml: re-organize port

- move vuln-YYYY.xml files into vuln/ as just YYYY.xml
- this prevents problems with the new check_files hook when 2023 arrives.

security/vuxml: Document CVE-2022-42898

Document MIT krb5 Security Advisory 2022-001: integer overflow
vulnerabilities in PAC parsing

security/vuxml: Document Grafana multiple vulnerabilities

* CVE-2022-31123 - Plugin signature bypass
* CVE-2022-31130 - Data source and plugin proxy endpoints leaking
  authentication tokens to some destination plugins
* CVE-2022-39201 - Data source and plugin proxy endpoints leaking
  authentication tokens to some destination plugins
* CVE-2022-39229 - Improper authentication
* CVE-2022-39306 - Privilege escalation
* CVE-2022-39307 - Username enumeration
* CVE-2022-39328 - Privilege escalation (Critical)

https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/
https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/

PR:		267728

security/vuxml: Add devel/ipython issue

PR:		265082

security/vuxml: Document phpMyFAQ vulnerabilities

security/vuxml: Add varnish cache security issues

security/vuxml: add www/chromium < 107.0.5304.110

Obtained
from:	https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html

security/vuxml: Mark zeek < 5.0.3 as vulnerable as per:

    https://github.com/zeek/zeek/releases/tag/v5.0.3

This release fixes the following potential DoS vulnerabilities:

 - Fix an issue where a specially-crafted FTP packet can cause Zeek
   to spend large amounts of time attempting to search for valid
   commands in the data stream.

 - Fix a possible overflow in the Zeek dictionary code that may
   lead to a memory leak.

 - Fix an issue where a specially-crafted packet can cause Zeek to
   spend large amounts of time reporting analyzer violations.

security/vuxml: register darkhttpd DoS vulnerability

PR:		267507
Reported by:	Henrich Hartzer <henrichhartzer@tuta.io>
Security:	CVE-2020-25691

security/vuxml: Document sudo CVE-2022-43995

Document a potential out-of-bounds write for passwords smaller than
eight bytes when crypt() is used.

PR:		267617
Security:	CVE-2022-43995

security/vuxml: document gitlab vulnerabilities

security/vuxml: Document pixman heap overflow

Document CVE-2022-44638

Sponsored by:   Beckhoff Automation GmbH & Co. KG

security/vuxml: Document Go vulnerability

security/vuxml: Document OpenSSL 3.0 vulnerabilities

security/vuxml: Document Q4 MySQL vulnerabilities

security/vuxml: add www/chromium < 107.0.5304.87

Obtained
from:	https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html

security/vuxml: add entry for CVE-2022-3437

There is a limited write heap buffer overflow in the GSSAPI unwrap_des()
and unwrap_des3() routines of Heimdal (included in Samba).

security/vuxml: Add www/*chromium < 107.0.5304.68

Obtained
from:	https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html

security/vuxml: Document vulnerability in libudisks

PR:		267281
Reviewed by:	riggs

security/vuxml: Document vulnerabilities in phpmyfaq

security/vuxml: Document Python multiple vulnerabilities

security/vuxml: document nginx vulnerabilities

Document CVE-2022-41741, CVE-2022-41742

security/vuxml: Document git vulnerabilities

Document CVE-2022-39253 and CVE-2022-39260

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/vuxml: Document OpenSSL 3.0 vuln

security/vuxml: Document Gitea vulnerabilities

PR:		267106

security/vuxml: Format 0d1d2c1 text

security/vuxml: Fix malformed CVE

Fix malformed cvename entry by removing this tag since there is no CVE
for this security issue committed in 0d1d2c1

security/vuxml: Add mail/roundcube-thunderbird_labels vulnerabilities

PR:		266986

security/vuxml: add www/*chromium < 106.0.5249.119

Obtained
from:	https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html

security/vuxml: Document multiple vulnerabilities in Samba

security/strongswan: Document DOS vulnerability

ChangeLog:
https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html

PR:		266938
Reported by:	rob2g2-freebsd@bitbert.com
Security:	CVE-2022-40617

net/routinator: Add net/routinator CVE

Recent versions of Routinator contain a problem that causes Routinator to
exit if it encounters invalid data in RRDP snapshot or delta files.

Details: https://nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt

PR:		266865
Reported by:	jaap@NLnetLabs.nl

security/vuxml: Improve the description of c2a89e8f-44e9-11ed-9215-00e081b7aa2d

Suggested by:	joneum

security/vuxml: Document Django multiple vulnerabilities

security/vuxml: Fix broken tags