[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 30 21:03:35 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a65f6777 by Salvatore Bonaccorso at 2026-01-30T22:03:07+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72,40 +72,40 @@ CVE-2025-62349 (Salt contains an authentication protocol version downgrade weakn
 CVE-2025-62348 (Salt's junos execution module contained an unsafe YAML decode/load usa ...)
 	- salt <removed>
 CVE-2025-51958 (aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthe ...)
-	TODO: check
+	NOT-FOR-US: aelsantex runcommand
 CVE-2025-4686 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Kodmatic Computer Software Tourism Construction Industry and Trade
 CVE-2025-26385 (Johnson Controls Metasys component listed below have  Improper Neutral ...)
 	NOT-FOR-US: Johnson Controls
 CVE-2025-1395 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Codriapp Innovation and Software Technologies Inc. HeyGarson
 CVE-2025-13176 (Planting a custom configuration file  in   ESET Inspect Connectorallow ...)
-	TODO: check
+	NOT-FOR-US: ESET
 CVE-2024-9432 (Cleartext Storage of Sensitive Information vulnerability in OpenText\u ...)
 	NOT-FOR-US: OpenText
 CVE-2024-4027 (A flaw was found in Undertow. Servlets using a method that calls HttpS ...)
 	- undertow <undetermined>
 	TODO: check details
 CVE-2020-37060 (Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Atomic Alarm Clock
 CVE-2020-37059 (Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Popcorn Time
 CVE-2020-37058 (Andrea ST Filters Service 1.0.64.7 contains an unquoted service path v ...)
-	TODO: check
+	NOT-FOR-US: Andrea ST Filters Service
 CVE-2020-37030 (Outline Service 1.3.3 contains an unquoted service path vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Outline Service
 CVE-2020-37022 (OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OpenZ ERP
 CVE-2020-37019 (Orchard Core RC1 contains a persistent cross-site scripting vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Orchard
 CVE-2020-37014 (Tryton 5.4 contains a persistent cross-site scripting vulnerability in ...)
 	TODO: check
 CVE-2020-37003 (Sellacious eCommerce 4.6 contains a persistent cross-site scripting vu ...)
-	TODO: check
+	NOT-FOR-US: Sellacious eCommerce
 CVE-2020-36998 (Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-sit ...)
-	TODO: check
+	NOT-FOR-US: Forma.lms The E-Learning Suite
 CVE-2020-36996 (PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2020-36966 (Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerabili ...)
 	- dolibarr <removed>
 CVE-2026-25211 (Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgve ...)
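
Review bot: The NOT-FOR-US label added for CVE-2025-4686 ends at "Industry and Trade" and names no product, while the label added for CVE-2025-1395 in the same hunk gives both vendor and product ("Codriapp Innovation and Software Technologies Inc. HeyGarson"). Consider completing the vendor name and appending the product so later CVEs for the same software can be matched against it. Two other labels differ from the wording of their own descriptions: CVE-2020-37019 is described as "Orchard Core RC1" but labelled "Orchard", and CVE-2020-36996 is described as "PHPFusion" but labelled "PHP-Fusion". If these follow labels already used elsewhere in data/CVE/list that is fine; otherwise matching the description makes them easier to grep for. CVE-2020-37014 (Tryton) is the only entry in this range still left at "TODO: check"; if that is deliberate, a short NOTE line saying what remains to be checked would help the next person triaging it.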



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a65f677707a6fe18448674beaa88ef73c61ba2ca
