[Git][security-tracker-team/security-tracker][master] automatic update

Sun May 28 09:12:13 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
327cdbd3 by security tracker role at 2023-05-28T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2023-2951 (A vulnerability classified as critical has been found in code-projects ...)
+	TODO: check
+CVE-2023-2950 (Improper Authorization in GitHub repository openemr/openemr prior to 7 ...)
+	TODO: check
+CVE-2023-2949 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
+	TODO: check
+CVE-2023-2948 (Cross-site Scripting (XSS) - Generic in GitHub repository openemr/open ...)
+	TODO: check
+CVE-2023-2947 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...)
+	TODO: check
+CVE-2023-2946 (Improper Access Control in GitHub repository openemr/openemr prior to  ...)
+	TODO: check
+CVE-2023-2945 (Missing Authorization in GitHub repository openemr/openemr prior to 7. ...)
+	TODO: check
+CVE-2023-2944 (Improper Access Control in GitHub repository openemr/openemr prior to  ...)
+	TODO: check
+CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0.1.)
+	TODO: check
+CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
+	TODO: check
 CVE-2023-2928 (A vulnerability was found in DedeCMS up to 5.7.106. It has been declar ...)
 	NOT-FOR-US: DedeCMS
 CVE-2023-2927 (A vulnerability was found in JIZHICMS 2.4.5. It has been classified as ...)
@@ -86583,6 +86603,7 @@ CVE-2022-29361 (Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and
 	NOTE: Disputed Werkzeug issue, no security impact
 	NOTE: https://github.com/pallets/werkzeug/issues/2420
 CVE-2022-29360 (The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted em ...)
+	{DLA-3435-1}
 	- rainloop <removed> (bug #1004548)
 	NOTE: https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw/
 	NOTE: https://github.com/RainLoop/rainloop-webmail/issues/2142
@@ -282859,6 +282880,7 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_traile
 	NOTE: https://trac.ffmpeg.org/ticket/7979
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
 CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...)
+	{DLA-3435-1}
 	- rainloop 1.14.0-1
 	NOTE: https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
 CVE-2019-13388



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/327cdbd33fba7afb29c4c0c71f8d5ad09ff46322

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/327cdbd33fba7afb29c4c0c71f8d5ad09ff46322
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230528/2064687d/attachment-0001.htm>
