[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Wed, 04 Feb 2026 04:58:15 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
745c19ec by Moritz Muehlenhoff at 2026-02-04T13:57:35+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,17 +21,17 @@ CVE-2026-25148 (Qwik is a performance focused javascript 
framework. Prior to ver
 CVE-2026-24887 (Claude Code is an agentic coding tool. Prior to version 
2.0.72, due to ...)
        NOT-FOR-US: Claude Code
 CVE-2026-24447 (If a malformed data is input to the affected product, a CSV 
file downl ...)
-       TODO: check
+       - movabletype-opensource <removed>
 CVE-2026-24053 (Claude Code is an agentic coding tool. Prior to version 
2.0.74, due to ...)
        NOT-FOR-US: Claude Code
 CVE-2026-24052 (Claude Code is an agentic coding tool. Prior to version 
1.0.111, Claud ...)
        NOT-FOR-US: Claude Code
 CVE-2026-23704 (A non-administrative user can upload malicious files. When an 
administ ...)
-       TODO: check
+       - movabletype-opensource <removed>
 CVE-2026-22875 (Movable Type contains a stored cross-site scripting 
vulnerability in E ...)
-       TODO: check
+       - movabletype-opensource <removed>
 CVE-2026-21393 (Movable Type contains a stored cross-site scripting 
vulnerability in E ...)
-       TODO: check
+       - movabletype-opensource <removed>
 CVE-2026-20987 (Improper input validation in GalaxyDiagnostics prior to 
version 3.5.05 ...)
        NOT-FOR-US: Samsung Mobile
 CVE-2026-20986 (Path traversal in Samsung Members prior to Chinese version 
15.5.05.4 a ...)
@@ -99,43 +99,43 @@ CVE-2025-36033 (IBM Engineering Lifecycle Management - 
Global Configuration Mana
 CVE-2025-33081 (IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive 
informati ...)
        NOT-FOR-US: IBM
 CVE-2025-29867 (Access of Resource Using Incompatible Type ('Type Confusion') 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Hancom Office
 CVE-2020-37097 (Edimax EW-7438RPn 1.13 contains an information disclosure 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2020-37096 (Edimax EW-7438RPn 1.13 contains a cross-site request forgery 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2020-37094 (EspoCRM 5.8.5 contains an authentication vulnerability that 
allows att ...)
-       TODO: check
+       NOT-FOR-US: EspoCRM
 CVE-2020-37093 (Netis E1+ 1.2.32533 contains an information disclosure 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Netis E1+
 CVE-2020-37092 (Netis E1+ version 1.2.32533 contains a hardcoded root account 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Netis E1+
 CVE-2020-37091 (Maian Support Helpdesk 4.3 contains a cross-site request 
forgery vulne ...)
-       TODO: check
+       NOT-FOR-US: Maian Support Helpdesk
 CVE-2020-37090 (School ERP Pro 1.0 contains a file upload vulnerability that 
allows st ...)
-       TODO: check
+       NOT-FOR-US: School ERP Pro
 CVE-2020-37089 (School ERP Pro 1.0 contains a SQL injection vulnerability in 
the 'es_m ...)
-       TODO: check
+       NOT-FOR-US: School ERP Pro
 CVE-2020-37088 (School ERP Pro 1.0 contains a file disclosure vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: School ERP Pro
 CVE-2020-37087 (Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent 
cross-s ...)
-       TODO: check
+       NOT-FOR-US: Easy Transfer
 CVE-2020-37086 (Easy Transfer 1.7 iOS mobile application contains a directory 
traversa ...)
-       TODO: check
+       NOT-FOR-US: Easy Transfer
 CVE-2020-37085 (VirtualTablet Server 3.0.2 contains a denial of service 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: VirtualTablet Server
 CVE-2020-37084 (School ERP Pro 1.0 contains a remote code execution 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: School ERP Pro
 CVE-2020-37083 (PHP AddressBook 9.0.0.1 contains a time-based blind SQL 
injection vuln ...)
-       TODO: check
+       NOT-FOR-US: PHP AddressBook
 CVE-2020-37082 (webERP 4.15.1 contains an unauthenticated file access 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: webERP
 CVE-2020-37081 (Fishing Reservation System 7.5 contains multiple remote SQL 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Fishing Reservation System
 CVE-2020-37080 (webTareas 2.0.p8 contains a file deletion vulnerability in the 
print_l ...)
-       TODO: check
+       NOT-FOR-US: webTareas
 CVE-2020-37078 (i-doit Open Source CMDB 1.14.1 contains a file deletion 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: i-doit Open Source CMDB
 CVE-2020-37077 (Booked Scheduler 2.7.7 contains a directory traversal 
vulnerability in ...)
        TODO: check
 CVE-2020-37076 (Victor CMS version 1.0 contains a SQL injection vulnerability 
in the ' ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/745c19eccb01d325696c595697b24dd39a47f636

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/745c19eccb01d325696c595697b24dd39a47f636
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to