[Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Trend Micro

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
72e1c799 by Moritz Muehlenhoff at 2025-06-17T23:16:44+02:00
auto-nfu: Add rule for Trend Micro

Total CVEs from trendmicro: 467
Total CVEs from trendmicro with packages assigned: 0

Scope: Trend Micro supported products, including any end-of-life products.

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -98,7 +98,7 @@ CVE-2025-49842 (conda-forge-webservices is the web app 
deployed to run conda-for
 CVE-2025-49508 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-49487 (An uncontrolled search path vulnerability in the Trend Micro 
Worry-Fre ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49452 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-49451 (Path Traversal vulnerability in yannisraft Aeroscroll Gallery 
\u2013 I ...)
@@ -144,19 +144,19 @@ CVE-2025-49251 (Improper Control of Filename for 
Include/Require Statement in PH
 CVE-2025-49234 (Missing Authorization vulnerability in Deepak anand WP Dummy 
Content G ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49220 (An insecure deserialization operation in Trend Micro Apex 
Central belo ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49219 (An insecure deserialization operation in Trend Micro Apex 
Central belo ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49158 (An uncontrolled search path vulnerability in the Trend Micro 
Apex One  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49157 (A link following vulnerability in the Trend Micro Apex One 
Damage Clea ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49156 (A link following vulnerability in the Trend Micro Apex One 
scan engine ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49155 (An uncontrolled search path vulnerability in the Trend Micro 
Apex One  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49154 (An insecure access control vulnerability in Trend Micro Apex 
One and T ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-49071 (Unrestricted Upload of File with Dangerous Type vulnerability 
in NasaT ...)
        TODO: check
 CVE-2025-48333 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -170,11 +170,11 @@ CVE-2025-48118 (Improper Neutralization of Special 
Elements used in an SQL Comma
 CVE-2025-48111 (Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES 
YITH PayPa ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47867 (A Local File Inclusion vulnerability in a Trend Micro Apex 
Central wid ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-47866 (An unrestricted file upload vulnerability in a Trend Micro 
Apex Centra ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-47865 (A Local File Inclusion vulnerability in a Trend Micro Apex 
Central wid ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-47573 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47572 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
@@ -224,11 +224,11 @@ CVE-2025-31919 (Deserialization of Untrusted Data 
vulnerability in themeton Spar
 CVE-2025-30988 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-30680 (A Server-side Request Forgery (SSRF) vulnerability in Trend 
Micro Apex ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-30679 (A Server-side Request Forgery (SSRF) vulnerability in Trend 
Micro Apex ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-30678 (A Server-side Request Forgery (SSRF) vulnerability in Trend 
Micro Apex ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-30618 (Deserialization of Untrusted Data vulnerability in yuliaz 
Rapyd Paymen ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30562 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -187,6 +187,8 @@
   cna: Synaptics
 - reason: Synology
   cna: synology
+- reason: Trend Micro
+  cna: trendmicro
 - reason: TECNO Mobile
   cna: TECNOMobile
 - reason: TIBCO



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72e1c79968edd781625eb98235679ac50b8db39b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72e1c79968edd781625eb98235679ac50b8db39b
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits