[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 18 09:13:07 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
abe445b4 by security tracker role at 2025-06-18T08:12:59+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2025-51381 (An authentication bypass vulnerability exists in KCM3100 Ver1.4.
 CVE-2025-50202 (Lychee is a free photo-management tool. In versions starting from 6.6. ...)
 	TODO: check
 CVE-2025-4955 (The tarteaucitron.io WordPress plugin before 1.9.5 uses query paramete ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-4413 (The Pixabay Images plugin for WordPress is vulnerable to arbitrary fil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49843 (conda-smithy is a tool for combining a conda recipe with configuration ...)
 	TODO: check
 CVE-2025-49825 (Teleport provides connectivity, authentication, access controls and au ...)
@@ -15,29 +15,29 @@ CVE-2025-49824 (conda-smithy is a tool for combining a conda recipe with configu
 CVE-2025-49593 (Portainer Community Edition is a lightweight service delivery platform ...)
 	TODO: check
 CVE-2025-49385 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link following ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49384 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link following ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49218 (A post-auth SQL injection vulnerability in the Trend Micro Endpoint En ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49217 (An insecure deserialization operation in the Trend Micro Endpoint Encr ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49216 (An authentication bypass vulnerability in the Trend Micro Endpoint Enc ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49215 (A post-auth SQL injection vulnerability in the Trend Micro Endpoint En ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49214 (An insecure deserialization operation in the Trend Micro Endpoint Encr ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49213 (An insecure deserialization operation in the Trend Micro Endpoint Encr ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49212 (An insecure deserialization operation in the Trend Micro Endpoint Encr ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49211 (A SQL injection vulnerability in the Trend Micro Endpoint Encryption P ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-49149 (Dify is an open-source LLM app development platform. In version 1.2.0, ...)
 	TODO: check
 CVE-2025-48443 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below i ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-41413 (Fuji Electric Smart Editoris vulnerable to an out-of-bounds write, whi ...)
 	TODO: check
 CVE-2025-41388 (Fuji Electric Smart Editor is vulnerable to a stack-based buffer overf ...)
@@ -45,15 +45,15 @@ CVE-2025-41388 (Fuji Electric Smart Editor is vulnerable to a stack-based buffer
 CVE-2025-32412 (Fuji Electric Smart Editoris vulnerable to an out-of-bounds read, whic ...)
 	TODO: check
 CVE-2025-30642 (A link following vulnerability in Trend Micro Deep Security 20.0 agent ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-30641 (A link following vulnerability in the anti-malware solution portion of ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-30640 (A link following vulnerability in Trend Micro Deep Security 20.0 agent ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2025-23252 (The NVIDIA NVDebug tool contains a vulnerability that may allow an act ...)
 	TODO: check
 CVE-2025-1562 (The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48945
 	- pycares <unfixed>
 	NOTE: https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe445b49746407aad56a6d255059c3c0b7ed171

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe445b49746407aad56a6d255059c3c0b7ed171
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250618/e71a2ff6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list