Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
327cdbd3 by security tracker role at 2023-05-28T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2023-2951 (A vulnerability classified as critical has been found in
code-projects ...)
+ TODO: check
+CVE-2023-2950 (Improper Authorization in GitHub repository openemr/openemr
prior to 7 ...)
+ TODO: check
+CVE-2023-2949 (Cross-site Scripting (XSS) - Reflected in GitHub repository
openemr/op ...)
+ TODO: check
+CVE-2023-2948 (Cross-site Scripting (XSS) - Generic in GitHub repository
openemr/open ...)
+ TODO: check
+CVE-2023-2947 (Cross-site Scripting (XSS) - Stored in GitHub repository
openemr/opene ...)
+ TODO: check
+CVE-2023-2946 (Improper Access Control in GitHub repository openemr/openemr
prior to ...)
+ TODO: check
+CVE-2023-2945 (Missing Authorization in GitHub repository openemr/openemr
prior to 7. ...)
+ TODO: check
+CVE-2023-2944 (Improper Access Control in GitHub repository openemr/openemr
prior to ...)
+ TODO: check
+CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to
7.0.1.)
+ TODO: check
+CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr
prior t ...)
+ TODO: check
CVE-2023-2928 (A vulnerability was found in DedeCMS up to 5.7.106. It has been
declar ...)
NOT-FOR-US: DedeCMS
CVE-2023-2927 (A vulnerability was found in JIZHICMS 2.4.5. It has been
classified as ...)
@@ -86583,6 +86603,7 @@ CVE-2022-29361 (Improper parsing of HTTP requests in
Pallets Werkzeug v2.1.0 and
NOTE: Disputed Werkzeug issue, no security impact
NOTE: https://github.com/pallets/werkzeug/issues/2420
CVE-2022-29360 (The Email Viewer in RainLoop through 1.6.0 allows XSS via a
crafted em ...)
+ {DLA-3435-1}
- rainloop <removed> (bug #1004548)
NOTE:
https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw/
NOTE: https://github.com/RainLoop/rainloop-webmail/issues/2142
@@ -282859,6 +282880,7 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division
by zero at adx_write_traile
NOTE: https://trac.ffmpeg.org/ticket/7979
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms
such as ...)
+ {DLA-3435-1}
- rainloop 1.14.0-1
NOTE:
https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
CVE-2019-13388
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/327cdbd33fba7afb29c4c0c71f8d5ad09ff46322
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/327cdbd33fba7afb29c4c0c71f8d5ad09ff46322
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
