Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-3266-1:EE23D
HistoryJan 11, 2023 - 11:00 a.m.

[SECURITY] [DLA 3266-1] viewvc security update

2023-01-1111:00:39
lists.debian.org
10
viewvc
security update
debian 10 buster
cve-2023-22456
cve-2023-22464

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

Debian LTS Advisory DLA-3266-1 [email protected]
https://www.debian.org/lts/security/ Chris Lamb
January 11, 2023 https://wiki.debian.org/LTS

Package : viewvc
Version : 1.1.26-1+deb10u1
CVE IDs : CVE-2023-22456 CVE-2023-22464

It was discovered that there were two issues in viewvc, a web-based
interface for browsing Subversion and CVS repositories. The attack
vectors involved files with unsafe names; names that, when embedded
into an HTML stream, could cause the browser to run unwanted code.

For Debian 10 buster, these problems have been fixed in version
1.1.26-1+deb10u1.

We recommend that you upgrade your viewvc packages.

For the detailed security status of viewvc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/viewvc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10allviewvc-query< 1.1.26-1+deb10u1viewvc-query_1.1.26-1+deb10u1_all.deb
Debian10allviewvc< 1.1.26-1+deb10u1viewvc_1.1.26-1+deb10u1_all.deb

Related

freebsd 1
nessus 2
mageia 1
openvas 2
osv 3
prion 2
ubuntucve 2
debiancve 2
cve 2
cvelist 2
nvd 2
freebsd
freebsd
devel/viewvc-devel is vulnerable to cross-site scripting
2023-01-04 00:00:00
nessus
nessus
FreeBSD : devel/viewvc-devel is vulnerable to cross-site scripting (541696ed-8d12-11ed-af80-ecf4bbc0bda0)
2023-01-09 00:00:00
Debian DLA-3266-1 : viewvc - LTS security update
2023-01-11 00:00:00
mageia
mageia
Updated viewvc packages fix security vulnerability
2023-01-24 10:58:25
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0019)
2023-03-28 00:00:00
Debian: Security Advisory (DLA-3266-1)
2023-01-12 00:00:00
osv
osv
viewvc - security update
2023-01-11 00:00:00
CVE-2023-22456
2023-01-03 19:15:10
CVE-2023-22464
2023-01-04 16:15:09
prion
prion
Cross site scripting
2023-01-04 16:15:00
Cross site scripting
2023-01-03 19:15:00
ubuntucve
ubuntucve
CVE-2023-22464
2023-01-04 00:00:00
CVE-2023-22456
2023-01-03 00:00:00
debiancve
debiancve
CVE-2023-22456
2023-01-03 19:15:10
CVE-2023-22464
2023-01-04 16:15:09
cve
cve
CVE-2023-22456
2023-01-03 19:15:10
CVE-2023-22464
2023-01-04 16:15:09
cvelist
cvelist
CVE-2023-22456 ViewVC XSS vulnerability in revision view changed paths
2023-01-03 18:29:51
CVE-2023-22464 ViewVC XSS vulnerability in revision view changed path "copyfrom" locations
2023-01-04 15:12:50
nvd
nvd
CVE-2023-22464
2023-01-04 16:15:09
CVE-2023-22456
2023-01-03 19:15:10

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON
Related for DEBIAN:DLA-3266-1:EE23D
freebsd1nessus2mageia1openvas2osv3prion2ubuntucve2debiancve2cve2cvelist2nvd2