[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) Wed, 18 Jun 2025 01:13:31 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
abe445b4 by security tracker role at 2025-06-18T08:12:59+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2025-51381 (An authentication bypass vulnerability exists 
in KCM3100 Ver1.4.
 CVE-2025-50202 (Lychee is a free photo-management tool. In versions starting 
from 6.6. ...)
        TODO: check
 CVE-2025-4955 (The tarteaucitron.io WordPress plugin before 1.9.5 uses query 
paramete ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-4413 (The Pixabay Images plugin for WordPress is vulnerable to 
arbitrary fil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49843 (conda-smithy is a tool for combining a conda recipe with 
configuration ...)
        TODO: check
 CVE-2025-49825 (Teleport provides connectivity, authentication, access 
controls and au ...)
@@ -15,29 +15,29 @@ CVE-2025-49824 (conda-smithy is a tool for combining a 
conda recipe with configu
 CVE-2025-49593 (Portainer Community Edition is a lightweight service delivery 
platform ...)
        TODO: check
 CVE-2025-49385 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link 
following ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49384 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link 
following ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49218 (A post-auth SQL injection vulnerability in the Trend Micro 
Endpoint En ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49217 (An insecure deserialization operation in the Trend Micro 
Endpoint Encr ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49216 (An authentication bypass vulnerability in the Trend Micro 
Endpoint Enc ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49215 (A post-auth SQL injection vulnerability in the Trend Micro 
Endpoint En ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49214 (An insecure deserialization operation in the Trend Micro 
Endpoint Encr ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49213 (An insecure deserialization operation in the Trend Micro 
Endpoint Encr ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49212 (An insecure deserialization operation in the Trend Micro 
Endpoint Encr ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49211 (A SQL injection vulnerability in the Trend Micro Endpoint 
Encryption P ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49149 (Dify is an open-source LLM app development platform. In 
version 1.2.0, ...)
        TODO: check
 CVE-2025-48443 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and 
below i ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-41413 (Fuji Electric Smart Editoris vulnerable to an out-of-bounds 
write, whi ...)
        TODO: check
 CVE-2025-41388 (Fuji Electric Smart Editor is vulnerable to a stack-based 
buffer overf ...)
@@ -45,15 +45,15 @@ CVE-2025-41388 (Fuji Electric Smart Editor is vulnerable to 
a stack-based buffer
 CVE-2025-32412 (Fuji Electric Smart Editoris vulnerable to an out-of-bounds 
read, whic ...)
        TODO: check
 CVE-2025-30642 (A link following vulnerability in Trend Micro Deep Security 
20.0 agent ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-30641 (A link following vulnerability in the anti-malware solution 
portion of ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-30640 (A link following vulnerability in Trend Micro Deep Security 
20.0 agent ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-23252 (The NVIDIA NVDebug tool contains a vulnerability that may 
allow an act ...)
        TODO: check
 CVE-2025-1562 (The Recover WooCommerce Cart Abandonment, Newsletter, Email 
Marketing, ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48945
        - pycares <unfixed>
        NOTE: 
https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe445b49746407aad56a6d255059c3c0b7ed171

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abe445b49746407aad56a6d255059c3c0b7ed171
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Reply via email to