Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e4deeb85 by Moritz Muehlenhoff at 2025-07-16T12:29:52+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,10 +63,10 @@ CVE-2025-2800 (The WP Event Manager \u2013 Events Calendar, 
Registrations, Sell
 CVE-2025-2799 (The WP Event Manager \u2013 Events Calendar, Registrations, 
Sell Ticke ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-53906 (Vim is an open source, command line text editor. Prior to 
version 9.1. ...)
-       - vim <unfixed>
+       - vim <unfixed> (bug #1109374)
        NOTE: https://www.openwall.com/lists/oss-security/2025/07/15/2
 CVE-2025-53905 (Vim is an open source, command line text editor. Prior to 
version 9.1. ...)
-       - vim <unfixed>
+       - vim <unfixed> (bug #1109374)
        NOTE: https://www.openwall.com/lists/oss-security/2025/07/15/1
 CVE-2025-30761 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 <unfixed>
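Review bot: CVE-2025-53906 and CVE-2025-53905 both receive `(bug #1109374)` although each entry has its own oss-security NOTE (2025/07/15/2 and 2025/07/15/1); confirm that the single bug report names both CVE ids, so that closing it with one upload is correct for both entries. If the two fixes land in different vim patch levels, the entries may later need different fixed versions despite the shared bug number.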
@@ -90,7 +90,7 @@ CVE-2025-6972 (Use After Free vulnerability exists in the 
CATPRODUCT file readin
 CVE-2025-6971 (Use After Free vulnerability exists in the CATPRODUCT file 
reading pro ...)
        NOT-FOR-US: Dassault Systemes
 CVE-2025-6965 (There exists a vulnerability in SQLite versions before 3.50.2 
where th ...)
-       - sqlite3 <unfixed>
+       - sqlite3 <unfixed> (bug #1109379)
        NOTE: 
https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8
 CVE-2025-6558 (Insufficient validation of untrusted input in ANGLE and GPU in 
Google  ...)
        - chromium 138.0.7204.157-1
@@ -114,28 +114,28 @@ CVE-2025-53032 (Vulnerability in the MySQL Server product 
of Oracle MySQL (compo
 CVE-2025-53031 (Vulnerability in the Oracle Financial Services Analytical 
Applications ...)
        NOT-FOR-US: Oracle
 CVE-2025-53030 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
-       - virtualbox <unfixed>
+       - virtualbox <unfixed> (bug #1109373)
        NOTE: 
https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
 CVE-2025-53029 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
-       - virtualbox <unfixed>
+       - virtualbox <unfixed> (bug #1109373)
        NOTE: 
https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
 CVE-2025-53028 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
-       - virtualbox <unfixed>
+       - virtualbox <unfixed> (bug #1109373)
        NOTE: 
https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
 CVE-2025-53027 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
-       - virtualbox <unfixed>
+       - virtualbox <unfixed> (bug #1109373)
        NOTE: 
https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
 CVE-2025-53026 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
-       - virtualbox <unfixed>
+       - virtualbox <unfixed> (bug #1109373)
        NOTE: 
https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
 CVE-2025-53025 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
-       - virtualbox <unfixed>
+       - virtualbox <unfixed> (bug #1109373)
        NOTE: 
https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
 CVE-2025-53024 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
-       - virtualbox <unfixed>
+       - virtualbox <unfixed> (bug #1109373)
        NOTE: 
https://www.oracle.com/security-alerts/cpujul2025.html#AppendixOVIR
 CVE-2025-53023 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-52379 (Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and 
below conta ...)
        NOT-FOR-US: Nexxt Solutions NCM-X1800 Mesh Router firmware
 CVE-2025-52378 (Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions 
NCM-X1800  ...)
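Review bot: the CVE-2025-53023 entry gains `(bug #1109372)` but still has no NOTE line, while the seven virtualbox entries above it in this hunk each point at cpujul2025.html#AppendixOVIR. Adding a NOTE with the corresponding Oracle advisory reference to the mysql-8.0 entry would give anyone arriving from the bug the same upstream pointer.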
@@ -165,61 +165,61 @@ CVE-2025-50106 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM for JDK, Ora
 CVE-2025-50105 (Vulnerability in the Oracle Universal Work Queue product of 
Oracle E-B ...)
        NOT-FOR-US: Oracle
 CVE-2025-50104 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50103 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <not-affected> (Only affects MySQL 9)
 CVE-2025-50102 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50101 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50100 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50099 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50098 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50097 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50096 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50095 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <not-affected> (Only affects MySQL 9)
 CVE-2025-50094 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50093 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50092 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50091 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50090 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
        NOT-FOR-US: Oracle
 CVE-2025-50089 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <not-affected> (Only affects MySQL 9)
 CVE-2025-50088 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50087 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50086 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50085 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50084 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50083 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50082 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50081 (Vulnerability in the MySQL Client product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50080 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50079 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50078 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50077 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1109372)
 CVE-2025-50076 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.28-1
 CVE-2025-50073 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
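Review bot: CVE-2025-50081 is described as a MySQL Client issue, unlike the MySQL Server entries around it, yet it is folded into the same `(bug #1109372)`; check that the bug report lists it explicitly, since a summary written around the server CVEs could omit it. The `<not-affected> (Only affects MySQL 9)` entries (CVE-2025-50103, CVE-2025-50095, CVE-2025-50089) are left without a bug number, which fits their status, so the CVE list in the bug should exclude them to stay in sync with this file.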
@@ -5247,7 +5247,7 @@ CVE-2025-6855 (A vulnerability, which was classified as 
critical, has been found
 CVE-2025-6854 (A vulnerability classified as problematic was found in 
chatchat-space  ...)
        NOT-FOR-US: Langchain-Chatchat
 CVE-2025-5878 (A vulnerability was found in ESAPI esapi-java-legacy and 
classified as ...)
-       - libowasp-esapi-java <unfixed>
+       - libowasp-esapi-java <unfixed> (bug #1109378)
        NOTE: 
https://github.com/ESAPI/esapi-java-legacy/commit/f75ac2c2647a81d2cfbdc9c899f8719c240ed512
 (esapi-2.7.0.0)
        NOTE: 
https://github.com/ESAPI/esapi-java-legacy/commit/e2322914304d9b1c52523ff24be495b7832f6a56
 (esapi-2.7.0.0)
 CVE-2025-24292 (A misconfigured query in UniFi Network (v9.1.120 and earlier) 
could al ...)
@@ -9286,7 +9286,7 @@ CVE-2025-23252 (The NVIDIA NVDebug tool contains a 
vulnerability that may allow
 CVE-2025-1562 (The Recover WooCommerce Cart Abandonment, Newsletter, Email 
Marketing, ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-48945 (pycares is a Python module which provides an interface to 
c-ares. c-ar ...)
-       - pycares <unfixed>
+       - pycares <unfixed> (bug #1109377)
        [bookworm] - pycares <no-dsa> (Minor issue, too intrusive to backport)
        [bullseye] - pycares <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: 
https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
@@ -9313,7 +9313,7 @@ CVE-2025-6069 (The html.parser.HTMLParser class had 
worse-case quadratic complex
        [bullseye] - python3.9 <postponed> (Minor issue; can be fixed in next 
update)
        - python2.7 <removed>
        [bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
-       - jython <unfixed>
+       - jython <unfixed> (bug #1109376)
        [bookworm] - jython <no-dsa> (Minor issue)
        [bullseye] - jython <end-of-life> (EOL in bullseye LTS)
        NOTE: 
https://mail.python.org/archives/list/[email protected]/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/
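Review bot: in the CVE-2025-6069 entry only the jython line gets `(bug #1109376)`, while the same entry also carries python3.9 and python2.7 lines; confirm the bug is filed against the jython source package so the number is not read as covering the interpreter packages. The bookworm and bullseye jython lines are already `<no-dsa>` and `<end-of-life>`, so this bug effectively tracks the unstable fix only.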



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4deeb85880f53f788e762b5367c968df39fc0fd
