[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 21 08:29:48 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b084a6e by Salvatore Bonaccorso at 2024-02-21T09:29:10+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2024-26269 (Cross-site scripting (XSS) vulnerability in the Frontend JS module's p ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-26266 (Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay  ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-26140 (com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Yet Analytics Core LRS Library
 CVE-2024-26136 (kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4 ...)
 	TODO: check
 CVE-2024-25905 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi  ...)
-	TODO: check
+	NOT-FOR-US: Mondula GmbH Multi Step Form
 CVE-2024-25904 (Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMC ...)
 	TODO: check
 CVE-2024-25603 (Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Ma ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25602 (Stored cross-site scripting (XSS) vulnerability in Users Admin module' ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25601 (Stored cross-site scripting (XSS) vulnerability in Expando module's ge ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2024-25428 (SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run ar ...)
-	TODO: check
+	NOT-FOR-US: MRCMS
 CVE-2024-25152 (Stored cross-site scripting (XSS) vulnerability in Message Board widge ...)
 	TODO: check
 CVE-2024-25151 (The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older u ...)
@@ -25,7 +25,7 @@ CVE-2024-25151 (The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and o
 CVE-2024-25147 (Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in L ...)
 	TODO: check
 CVE-2024-25141 (When sslwas enabled for Mongo Hook, default settings included "allow_i ...)
-	TODO: check
+	NOT-FOR-US: Apache Airflow Mongo Provider
 CVE-2024-24876 (Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin M ...)
 	TODO: check
 CVE-2024-24872 (Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Bui ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b084a6ea3b36970cfe3c470059afbdbea684864

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b084a6ea3b36970cfe3c470059afbdbea684864
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240221/899beb1c/attachment.htm>


More information about the debian-security-tracker-commits mailing list