Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a65f6777 by Salvatore Bonaccorso at 2026-01-30T22:03:07+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -72,40 +72,40 @@ CVE-2025-62349 (Salt contains an authentication protocol
version downgrade weakn
CVE-2025-62348 (Salt's junos execution module contained an unsafe YAML
decode/load usa ...)
- salt <removed>
CVE-2025-51958 (aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows
unauthe ...)
- TODO: check
+ NOT-FOR-US: aelsantex runcommand
CVE-2025-4686 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Kodmatic Computer Software Tourism Construction Industry
and Trade
CVE-2025-26385 (Johnson Controls Metasys component listed below have Improper
Neutral ...)
NOT-FOR-US: Johnson Controls
CVE-2025-1395 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Codriapp Innovation and Software Technologies Inc. HeyGarson
CVE-2025-13176 (Planting a custom configuration file in ESET Inspect
Connectorallow ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2024-9432 (Cleartext Storage of Sensitive Information vulnerability in
OpenText\u ...)
NOT-FOR-US: OpenText
CVE-2024-4027 (A flaw was found in Undertow. Servlets using a method that
calls HttpS ...)
- undertow <undetermined>
TODO: check details
CVE-2020-37060 (Atomic Alarm Clock 6.3 contains a local privilege escalation
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Atomic Alarm Clock
CVE-2020-37059 (Popcorn Time 6.2.1.14 contains an unquoted service path
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Popcorn Time
CVE-2020-37058 (Andrea ST Filters Service 1.0.64.7 contains an unquoted
service path v ...)
- TODO: check
+ NOT-FOR-US: Andrea ST Filters Service
CVE-2020-37030 (Outline Service 1.3.3 contains an unquoted service path
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Outline Service
CVE-2020-37022 (OpenZ ERP 3.6.60 contains a persistent cross-site scripting
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: OpenZ ERP
CVE-2020-37019 (Orchard Core RC1 contains a persistent cross-site scripting
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Orchard
CVE-2020-37014 (Tryton 5.4 contains a persistent cross-site scripting
vulnerability in ...)
TODO: check
CVE-2020-37003 (Sellacious eCommerce 4.6 contains a persistent cross-site
scripting vu ...)
- TODO: check
+ NOT-FOR-US: Sellacious eCommerce
CVE-2020-36998 (Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent
cross-sit ...)
- TODO: check
+ NOT-FOR-US: Forma.lms The E-Learning Suite
CVE-2020-36996 (PHPFusion 9.03.50 contains a persistent cross-site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2020-36966 (Dolibarr 11.0.3 contains a persistent cross-site scripting
vulnerabili ...)
- dolibarr <removed>
CVE-2026-25211 (Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor
the pgve ...)
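Review bot: In the CVE-2025-4686 entry the NOT-FOR-US label carries only a long vendor string ("Kodmatic Computer Software Tourism Construction Industry and Trade") and names no product, unlike the CVE-2025-1395 entry, which gives vendor plus product (HeyGarson). Consider adding the affected product or shortening the vendor name so the label stays easy to match for later entries. For CVE-2020-37019 the label reads "Orchard" while the description says "Orchard Core RC1"; "Orchard Core" would match the description. CVE-2020-37014 (Tryton) stays at "TODO: check" in the unchanged context, which fits a batch that only marks NFUs, but it still needs a follow-up triage.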
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a65f677707a6fe18448674beaa88ef73c61ba2ca