Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8b084a6e by Salvatore Bonaccorso at 2024-02-21T09:29:10+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
CVE-2024-26269 (Cross-site scripting (XSS) vulnerability in the Frontend JS
module's p ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2024-26266 (Multiple stored cross-site scripting (XSS) vulnerabilities in
Liferay ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2024-26140 (com.yetanalytics/lrs is the Yet Analytics Core LRS Library.
Prior to v ...)
- TODO: check
+ NOT-FOR-US: Yet Analytics Core LRS Library
CVE-2024-26136 (kedi ElectronCord is a bot management tool for Discord. Commit
aaaeaf4 ...)
TODO: check
CVE-2024-25905 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula
GmbH Multi ...)
- TODO: check
+ NOT-FOR-US: Mondula GmbH Multi Step Form
CVE-2024-25904 (Cross-Site Request Forgery (CSRF) vulnerability in David
Stockl TinyMC ...)
TODO: check
CVE-2024-25603 (Stored cross-site scripting (XSS) vulnerability in the Dynamic
Data Ma ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2024-25602 (Stored cross-site scripting (XSS) vulnerability in Users Admin
module' ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2024-25601 (Stored cross-site scripting (XSS) vulnerability in Expando
module's ge ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2024-25428 (SQL Injection vulnerability in MRCMS v3.1.2 allows attackers
to run ar ...)
- TODO: check
+ NOT-FOR-US: MRCMS
CVE-2024-25152 (Stored cross-site scripting (XSS) vulnerability in Message
Board widge ...)
TODO: check
CVE-2024-25151 (The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and
older u ...)
@@ -25,7 +25,7 @@ CVE-2024-25151 (The Calendar module in Liferay Portal 7.2.0
through 7.4.2, and o
CVE-2024-25147 (Cross-site scripting (XSS) vulnerability in
HtmlUtil.escapeJsLink in L ...)
TODO: check
CVE-2024-25141 (When sslwas enabled for Mongo Hook, default settings included
"allow_i ...)
- TODO: check
+ NOT-FOR-US: Apache Airflow Mongo Provider
CVE-2024-24876 (Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts
Admin M ...)
TODO: check
CVE-2024-24872 (Cross-Site Request Forgery (CSRF) vulnerability in Themify
Themify Bui ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b084a6ea3b36970cfe3c470059afbdbea684864
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b084a6ea3b36970cfe3c470059afbdbea684864
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
