[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Feb 4 12:58:06 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
745c19ec by Moritz Muehlenhoff at 2026-02-04T13:57:35+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,17 +21,17 @@ CVE-2026-25148 (Qwik is a performance focused javascript framework. Prior to ver
 CVE-2026-24887 (Claude Code is an agentic coding tool. Prior to version 2.0.72, due to ...)
 	NOT-FOR-US: Claude Code
 CVE-2026-24447 (If a malformed data is input to the affected product, a CSV file downl ...)
-	TODO: check
+	- movabletype-opensource <removed>
 CVE-2026-24053 (Claude Code is an agentic coding tool. Prior to version 2.0.74, due to ...)
 	NOT-FOR-US: Claude Code
 CVE-2026-24052 (Claude Code is an agentic coding tool. Prior to version 1.0.111, Claud ...)
 	NOT-FOR-US: Claude Code
 CVE-2026-23704 (A non-administrative user can upload malicious files. When an administ ...)
-	TODO: check
+	- movabletype-opensource <removed>
 CVE-2026-22875 (Movable Type contains a stored cross-site scripting vulnerability in E ...)
-	TODO: check
+	- movabletype-opensource <removed>
 CVE-2026-21393 (Movable Type contains a stored cross-site scripting vulnerability in E ...)
-	TODO: check
+	- movabletype-opensource <removed>
 CVE-2026-20987 (Improper input validation in GalaxyDiagnostics prior to version 3.5.05 ...)
 	NOT-FOR-US: Samsung Mobile
 CVE-2026-20986 (Path traversal in Samsung Members prior to Chinese version 15.5.05.4 a ...)
@@ -99,43 +99,43 @@ CVE-2025-36033 (IBM Engineering Lifecycle Management - Global Configuration Mana
 CVE-2025-33081 (IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive informati ...)
 	NOT-FOR-US: IBM
 CVE-2025-29867 (Access of Resource Using Incompatible Type ('Type Confusion') vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Hancom Office
 CVE-2020-37097 (Edimax EW-7438RPn 1.13 contains an information disclosure vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2020-37096 (Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2020-37094 (EspoCRM 5.8.5 contains an authentication vulnerability that allows att ...)
-	TODO: check
+	NOT-FOR-US: EspoCRM
 CVE-2020-37093 (Netis E1+ 1.2.32533 contains an information disclosure vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: Netis E1+
 CVE-2020-37092 (Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Netis E1+
 CVE-2020-37091 (Maian Support Helpdesk 4.3 contains a cross-site request forgery vulne ...)
-	TODO: check
+	NOT-FOR-US: Maian Support Helpdesk
 CVE-2020-37090 (School ERP Pro 1.0 contains a file upload vulnerability that allows st ...)
-	TODO: check
+	NOT-FOR-US: School ERP Pro
 CVE-2020-37089 (School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_m ...)
-	TODO: check
+	NOT-FOR-US: School ERP Pro
 CVE-2020-37088 (School ERP Pro 1.0 contains a file disclosure vulnerability that allow ...)
-	TODO: check
+	NOT-FOR-US: School ERP Pro
 CVE-2020-37087 (Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-s ...)
-	TODO: check
+	NOT-FOR-US: Easy Transfer
 CVE-2020-37086 (Easy Transfer 1.7 iOS mobile application contains a directory traversa ...)
-	TODO: check
+	NOT-FOR-US: Easy Transfer
 CVE-2020-37085 (VirtualTablet Server 3.0.2 contains a denial of service vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: VirtualTablet Server
 CVE-2020-37084 (School ERP Pro 1.0 contains a remote code execution vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: School ERP Pro
 CVE-2020-37083 (PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vuln ...)
-	TODO: check
+	NOT-FOR-US: PHP AddressBook
 CVE-2020-37082 (webERP 4.15.1 contains an unauthenticated file access vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: webERP
 CVE-2020-37081 (Fishing Reservation System 7.5 contains multiple remote SQL injection  ...)
-	TODO: check
+	NOT-FOR-US: Fishing Reservation System
 CVE-2020-37080 (webTareas 2.0.p8 contains a file deletion vulnerability in the print_l ...)
-	TODO: check
+	NOT-FOR-US: webTareas
 CVE-2020-37078 (i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: i-doit Open Source CMDB
 CVE-2020-37077 (Booked Scheduler 2.7.7 contains a directory traversal vulnerability in ...)
 	TODO: check
 CVE-2020-37076 (Victor CMS version 1.0 contains a SQL injection vulnerability in the ' ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/745c19eccb01d325696c595697b24dd39a47f636

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/745c19eccb01d325696c595697b24dd39a47f636
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260204/d1361379/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list