[Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Trend Micro

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 17 22:16:54 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72e1c799 by Moritz Muehlenhoff at 2025-06-17T23:16:44+02:00
auto-nfu: Add rule for Trend Micro

Total CVEs from trendmicro: 467
Total CVEs from trendmicro with packages assigned: 0

Scope: Trend Micro supported products, including any end-of-life products.

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -98,7 +98,7 @@ CVE-2025-49842 (conda-forge-webservices is the web app deployed to run conda-for
 CVE-2025-49508 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	TODO: check
 CVE-2025-49487 (An uncontrolled search path vulnerability in the Trend Micro Worry-Fre ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49452 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-49451 (Path Traversal vulnerability in yannisraft Aeroscroll Gallery \u2013 I ...)
@@ -144,19 +144,19 @@ CVE-2025-49251 (Improper Control of Filename for Include/Require Statement in PH
 CVE-2025-49234 (Missing Authorization vulnerability in Deepak anand WP Dummy Content G ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49220 (An insecure deserialization operation in Trend Micro Apex Central belo ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49219 (An insecure deserialization operation in Trend Micro Apex Central belo ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49158 (An uncontrolled search path vulnerability in the Trend Micro Apex One  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49157 (A link following vulnerability in the Trend Micro Apex One Damage Clea ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49156 (A link following vulnerability in the Trend Micro Apex One scan engine ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49155 (An uncontrolled search path vulnerability in the Trend Micro Apex One  ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49154 (An insecure access control vulnerability in Trend Micro Apex One and T ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49071 (Unrestricted Upload of File with Dangerous Type vulnerability in NasaT ...)
 	TODO: check
 CVE-2025-48333 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -170,11 +170,11 @@ CVE-2025-48118 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2025-48111 (Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPa ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47867 (A Local File Inclusion vulnerability in a Trend Micro Apex Central wid ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-47866 (An unrestricted file upload vulnerability in a Trend Micro Apex Centra ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-47865 (A Local File Inclusion vulnerability in a Trend Micro Apex Central wid ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-47573 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47572 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -224,11 +224,11 @@ CVE-2025-31919 (Deserialization of Untrusted Data vulnerability in themeton Spar
 CVE-2025-30988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	TODO: check
 CVE-2025-30680 (A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-30679 (A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-30678 (A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-30618 (Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Paymen ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30562 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -187,6 +187,8 @@
   cna: Synaptics
 - reason: Synology
   cna: synology
+- reason: Trend Micro
+  cna: trendmicro
 - reason: TECNO Mobile
   cna: TECNOMobile
 - reason: TIBCO



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72e1c79968edd781625eb98235679ac50b8db39b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72e1c79968edd781625eb98235679ac50b8db39b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250617/da58f8f0/attachment.htm>

More information about the debian-security-tracker-commits mailing list