[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jul 16 11:30:10 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e4deeb85 by Moritz Muehlenhoff at 2025-07-16T12:29:52+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -63,10 +63,10 @@ CVE-2025-2800 (The WP Event Manager \u2013 Events Calendar, Registrations, Sell
CVE-2025-2799 (The WP Event Manager \u2013 Events Calendar, Registrations, Sell Ticke ...)
NOT-FOR-US: WordPress plugin
CVE-2025-53906 (Vim is an open source, command line text editor. Prior to version 9.1. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1109374)
NOTE: https://www.openwall.com/lists/oss-security/2025/07/15/2
CVE-2025-53905 (Vim is an open source, command line text editor. Prior to version 9.1. ...)
- - vim <unfixed>
+ - vim <unfixed> (bug #1109374)
NOTE: https://www.openwall.com/lists/oss-security/2025/07/15/1
CVE-2025-30761 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 <unfixed>
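Review bot: CVE-2025-53906 and CVE-2025-53905 are both pointed at bug #1109374, although their NOTE lines cite two separate oss-security posts (2025/07/15/2 and 2025/07/15/1). Sharing one bug is fine as long as the report names both CVE ids; please confirm it does, so that an upload closing #1109374 is not read as fixing only one of the two.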
@@ -90,7 +90,7 @@ CVE-2025-6972 (Use After Free vulnerability exists in the CATPRODUCT file readin
CVE-2025-6971 (Use After Free vulnerability exists in the CATPRODUCT file reading pro ...)
NOT-FOR-US: Dassault Systemes
CVE-2025-6965 (There exists a vulnerability in SQLite versions before 3.50.2 where th ...)
- - sqlite3 <unfixed>
+ - sqlite3 <unfixed> (bug #1109379)
NOTE: https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8
CVE-2025-6558 (Insufficient validation of untrusted input in ANGLE and GPU in Google ...)
- chromium 138.0.7204.157-1
@@ -114,28 +114,28 @@ CVE-2025-53032 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2025-53031 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
NOT-FOR-US: Oracle
CVE-2025-53030 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- - virtualbox <unfixed>
+ - virtualbox <unfixed> (bug #1109373)
NOTE: https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
CVE-2025-53029 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- - virtualbox <unfixed>
+ - virtualbox <unfixed> (bug #1109373)
NOTE: https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
CVE-2025-53028 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- - virtualbox <unfixed>
+ - virtualbox <unfixed> (bug #1109373)
NOTE: https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
CVE-2025-53027 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- - virtualbox <unfixed>
+ - virtualbox <unfixed> (bug #1109373)
NOTE: https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
CVE-2025-53026 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- - virtualbox <unfixed>
+ - virtualbox <unfixed> (bug #1109373)
NOTE: https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
CVE-2025-53025 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- - virtualbox <unfixed>
+ - virtualbox <unfixed> (bug #1109373)
NOTE: https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
CVE-2025-53024 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- - virtualbox <unfixed>
+ - virtualbox <unfixed> (bug #1109373)
NOTE: https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
CVE-2025-53023 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-52379 (Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below conta ...)
NOT-FOR-US: Nexxt Solutions NCM-X1800 Mesh Router firmware
CVE-2025-52378 (Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 ...)
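Review bot: the mysql-8.0 entry for CVE-2025-53023 gains bug #1109372 but still has no NOTE line, while each of the seven virtualbox entries in this hunk carries the Oracle cpujul2025 advisory link. Consider adding a NOTE with the corresponding advisory reference so the entry can be triaged without opening the bug report.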
@@ -165,61 +165,61 @@ CVE-2025-50106 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
CVE-2025-50105 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2025-50104 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50103 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <not-affected> (Only affects MySQL 9)
CVE-2025-50102 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50101 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50100 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50099 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50098 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50097 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50096 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50095 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <not-affected> (Only affects MySQL 9)
CVE-2025-50094 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50093 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50092 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50091 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50090 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
NOT-FOR-US: Oracle
CVE-2025-50089 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <not-affected> (Only affects MySQL 9)
CVE-2025-50088 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50087 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50086 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50085 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50084 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50083 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50082 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50081 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50080 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50079 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50078 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50077 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-8.0 <unfixed>
+ - mysql-8.0 <unfixed> (bug #1109372)
CVE-2025-50076 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.28-1
CVE-2025-50073 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
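Review bot: CVE-2025-50081 is described as a MySQL Client issue, unlike the MySQL Server entries around it, yet it is attached to the same bug #1109372. Please check that the bug report lists this CVE explicitly, since a server-focused report could miss it. Leaving the three <not-affected> entries (CVE-2025-50103, CVE-2025-50095, CVE-2025-50089) and the already fixed CVE-2025-50076 without a bug number looks right.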
@@ -5247,7 +5247,7 @@ CVE-2025-6855 (A vulnerability, which was classified as critical, has been found
CVE-2025-6854 (A vulnerability classified as problematic was found in chatchat-space ...)
NOT-FOR-US: Langchain-Chatchat
CVE-2025-5878 (A vulnerability was found in ESAPI esapi-java-legacy and classified as ...)
- - libowasp-esapi-java <unfixed>
+ - libowasp-esapi-java <unfixed> (bug #1109378)
NOTE: https://github.com/ESAPI/esapi-java-legacy/commit/f75ac2c2647a81d2cfbdc9c899f8719c240ed512 (esapi-2.7.0.0)
NOTE: https://github.com/ESAPI/esapi-java-legacy/commit/e2322914304d9b1c52523ff24be495b7832f6a56 (esapi-2.7.0.0)
CVE-2025-24292 (A misconfigured query in UniFi Network (v9.1.120 and earlier) could al ...)
@@ -9286,7 +9286,7 @@ CVE-2025-23252 (The NVIDIA NVDebug tool contains a vulnerability that may allow
CVE-2025-1562 (The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, ...)
NOT-FOR-US: WordPress plugin
CVE-2025-48945 (pycares is a Python module which provides an interface to c-ares. c-ar ...)
- - pycares <unfixed>
+ - pycares <unfixed> (bug #1109377)
[bookworm] - pycares <no-dsa> (Minor issue, too intrusive to backport)
[bullseye] - pycares <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
@@ -9313,7 +9313,7 @@ CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic complex
[bullseye] - python3.9 <postponed> (Minor issue; can be fixed in next update)
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- - jython <unfixed>
+ - jython <unfixed> (bug #1109376)
[bookworm] - jython <no-dsa> (Minor issue)
[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4deeb85880f53f788e762b5367c968df39fc0fd