[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Dec 14 08:12:18 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd3d95c1 by security tracker role at 2025-12-14T08:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,38 @@
-CVE-2025-67896 [Remote heap corruption]
+CVE-2025-14650 (A flaw has been found in itsourcecode Online Cake Ordering System 1.0. ...)
+ TODO: check
+CVE-2025-14649 (A vulnerability was detected in itsourcecode Online Cake Ordering Syst ...)
+ TODO: check
+CVE-2025-14648 (A security vulnerability has been detected in DedeBIZ up to 6.5.9. Aff ...)
+ TODO: check
+CVE-2025-14647 (A weakness has been identified in code-projects Computer Book Store 1. ...)
+ TODO: check
+CVE-2025-14646 (A security flaw has been discovered in code-projects Student File Mana ...)
+ TODO: check
+CVE-2025-14645 (A vulnerability was identified in code-projects Student File Managemen ...)
+ TODO: check
+CVE-2025-14644 (A vulnerability was determined in itsourcecode Student Management Syst ...)
+ TODO: check
+CVE-2025-14643 (A vulnerability was found in code-projects Simple Attendance Record Sy ...)
+ TODO: check
+CVE-2025-14642 (A vulnerability has been found in code-projects Computer Laboratory Sy ...)
+ TODO: check
+CVE-2025-14641 (A flaw has been found in code-projects Computer Laboratory System 1.0. ...)
+ TODO: check
+CVE-2025-14640 (A flaw has been found in code-projects Student File Management System ...)
+ TODO: check
+CVE-2025-14639 (A vulnerability was detected in itsourcecode Student Management System ...)
+ TODO: check
+CVE-2025-14638 (A security vulnerability has been detected in itsourcecode Online Pet ...)
+ TODO: check
+CVE-2025-13832
+ REJECTED
+CVE-2025-13126 (The wpForo Forum plugin for WordPress is vulnerable to generic SQL Inj ...)
+ TODO: check
+CVE-2025-12696 (The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does no ...)
+ TODO: check
+CVE-2025-12537 (The Addon Elements for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-67896 (Exim before 4.99.1 allows remote heap corruption that will be further ...)
- exim4 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/12/11/2
TODO: wait for publication on 2025-12-18 15:00 UTC
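Review bot: In the CVE-2025-67896 entry at the end of this hunk, the new description names Exim 4.99.1 as the first unaffected upstream release, but the entry still reads "- exim4 <unfixed>" with "TODO: wait for publication on 2025-12-18 15:00 UTC". Once that date has passed, revisit the entry to record the fixed Debian version and drop the TODO, so it does not go stale now that the description is public. Separately, the 16 entries added above it (CVE-2025-14650 through CVE-2025-12537, CVE-2025-13832 excepted since it is REJECTED) carry only "TODO: check". Each needs manual triage before it says anything about Debian exposure. For products that turn out not to be packaged, the "NOT-FOR-US: <vendor>" form seen for HCL and Fortinet further down the file is the convention to follow.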
@@ -1086,7 +1120,7 @@ CVE-2024-42197 (HCL Workload Scheduler stores user credentials in plain text whi
NOT-FOR-US: HCL
CVE-2024-40593 (A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 ...)
NOT-FOR-US: Fortinet
-CVE-2025-67897 [DOS (crash) via special crafted encrypted message]
+CVE-2025-67897 (In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext ...)
- rust-sequoia-openpgp 2.1.0-1 (bug #1122582)
[trixie] - rust-sequoia-openpgp <no-dsa> (Minor issue)
[bookworm] - rust-sequoia-openpgp <no-dsa> (Minor issue)
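Review bot: The CVE-2025-67897 entry marks trixie and bookworm as "<no-dsa> (Minor issue)" while the new description states that aes_key_unwrap panics on a passed ciphertext, and the lines visible here give no NOTE pointing at the upstream advisory or fix. If the entry does not already carry one below the shown context, add a NOTE with the upstream reference so that a later point-release backport for the two stable suites can find the change without going through bug #1122582. The fixed version 2.1.0-1 is consistent with "before 2.1.0" in the description, so no change is needed there.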
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd3d95c1fa6f7b5acdf703acefc86530bd977c8e