Author: sectracker Date: 2017-12-19 21:10:14 +0000 (Tue, 19 Dec 2017) New Revision: 58704
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-19 21:07:14 UTC (rev 58703) +++ data/CVE/list 2017-12-19 21:10:14 UTC (rev 58704) @@ -1,4 +1,5 @@ CVE-2017-17476 [OSA-2017-10: Session hijacking] + RESERVED - otrs2 <unfixed> (bug #884801) NOTE: https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc @@ -40,8 +41,8 @@ RESERVED CVE-2017-17754 RESERVED -CVE-2017-17753 - RESERVED +CVE-2017-17753 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check CVE-2017-17752 RESERVED CVE-2017-17751 @@ -58,8 +59,8 @@ RESERVED CVE-2017-17745 RESERVED -CVE-2017-17744 - RESERVED +CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plugin ...) + TODO: check CVE-2017-17743 RESERVED CVE-2017-17742 @@ -111,8 +112,8 @@ NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET CVE-2017-17720 RESERVED -CVE-2017-17719 - RESERVED +CVE-2017-17719 (A cross-site scripting (XSS) vulnerability in the wp-concours plugin ...) + TODO: check CVE-2017-17718 (The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL ...) - ruby-net-ldap <unfixed> (bug #884693) [jessie] - ruby-net-ldap <ignored> (Doc always said that there is no validation) 
@@ -4976,7 +4977,7 @@ CVE-2017-17534 (uiutil.c in Mensis 0.0.080507 does not validate strings before ...) - mensis <removed> (unimportant) NOTE: https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428 -CVE-2017-17533 (default.tcl in Tkabber 1.1 does not validate strings before launching ...) +CVE-2017-17533 (** DISPUTED ** default.tcl in Tkabber 1.1 does not validate strings ...) - tkabber <not-affected> NOTE: https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118 NOTE: TCL's exec call does not involve the shell. It does its own argument parsing which safely forwards the content of any variable. No command injection is thus possible. See https://tcl.tk/man/tcl/TclCmd/exec.htm @@ -7316,8 +7317,8 @@ - tiff3 <removed> (unimportant) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750 NOTE: Crash in CLI tool not treated as a security issue -CVE-2017-17088 - RESERVED +CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected ...) + TODO: check CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ...) - vim <unfixed> [stretch] - vim <no-dsa> (Minor issue) @@ -9096,7 +9097,7 @@ CVE-2017-16922 RESERVED CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including ...) - {DSA-4066-1} + {DSA-4066-1 DLA-1212-1} - otrs2 6.0.2-1 (bug #883774) NOTE: https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/ NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357 @@ -9721,7 +9722,7 @@ CVE-2017-16855 (Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability." ...) - ipsilon <itp> (bug #826838) CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...) - {DSA-4066-1} + {DSA-4066-1 DLA-1212-1} - otrs2 6.0.2-1 NOTE: https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/ NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347 
@@ -9959,8 +9960,8 @@ TODO: check CVE-2017-16787 (The Web Configuration Utility in Meinberg LANTIME devices with ...) TODO: check -CVE-2017-16786 - RESERVED +CVE-2017-16786 (The Web Configuration Utility in Meinberg LANTIME devices with ...) + TODO: check CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the ...) NOT-FOR-US: CMS Made Simple CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template Injection via ...) @@ -10229,7 +10230,7 @@ CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...) NOT-FOR-US: RemObjects Remoting SDK CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket ...) - {DSA-4047-1} + {DSA-4047-1 DLA-1212-1} - otrs2 5.0.24-1 (bug #882370) NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/ NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d @@ -12609,6 +12610,7 @@ CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in ...) - frr <itp> (bug #863249) CVE-2017-15864 (In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x ...) + {DLA-1212-1} - otrs2 4.0.7-2 [jessie] - otrs2 3.3.18-1+deb8u2 NOTE: https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/ @@ -14909,10 +14911,10 @@ - teampass <itp> (bug #730180) CVE-2017-15050 RESERVED -CVE-2017-15049 - RESERVED -CVE-2017-15048 - RESERVED +CVE-2017-15049 (The ZoomLauncher binary in the Zoom client for Linux before ...) + TODO: check +CVE-2017-15048 (Stack-based buffer overflow in the ZoomLauncher binary in the Zoom ...) + TODO: check CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ...) - redis 4:4.0.2-5 (bug #878076; unimportant) [jessie] - redis <not-affected> (Vulnerable code introduced later) 
@@ -142887,8 +142889,7 @@ {DSA-2893-1} - openswan <removed> (bug #737406) NOTE: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt -CVE-2013-6465 - RESERVED +CVE-2013-6465 (Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE ...) NOT-FOR-US: JBPM KIE Workbench CVE-2013-6464 RESERVED _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
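Review bot: in the first hunk (-1,4 +1,5) the otrs2 entry for CVE-2017-17476 only gains the imported `RESERVED` status line and still reads `- otrs2 <unfixed> (bug #884801)` with no [jessie] or [stretch] decision, while the four other OTRS CVEs touched in this revision (CVE-2017-16921, CVE-2017-16854, CVE-2017-16664, CVE-2017-15864) all receive a DLA-1212-1 reference for jessie; once the linked OTRS-6 commit has been compared with the 3.3.x and 5.0.x code, a per-suite line should be added here so the session hijacking issue from OSA-2017-10 does not sit as <unfixed> for all suites by default.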
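Review bot: in the -111 hunk CVE-2017-17719 follows the same RESERVED to description plus `TODO: check` pattern as CVE-2017-17753 and CVE-2017-17744 earlier in the patch; all three are truncated one-line XSS descriptions naming plugins (custom-map, wp-concours), so the triager needs the full MITRE text before choosing between a package and NOT-FOR-US, as was already done for ZUUSE BEIMS ContractorWeb .NET in the same context. The unchanged CVE-2017-17718 lines beneath show ruby-net-ldap `<unfixed>` in unstable but `<ignored>` for jessie with the rationale "Doc always said that there is no validation"; there is no [stretch] line, so stretch currently tracks the unstable status, and if the same rationale applies it should be recorded for stretch too.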
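Review bot: the `** DISPUTED **` marker added to CVE-2017-17533 in the -4976 hunk is consistent with the unchanged `tkabber <not-affected>` line and the NOTE explaining that Tcl's exec does its own argument parsing and never invokes a shell, so nothing further is needed there; the rationale is Tcl-specific, though, and does not carry over to CVE-2017-17534 in the same hunk, whose `mensis <removed> (unimportant)` assessment concerns C code in uiutil.c and has to rest on the cited source reference alone.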
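Review bot: in the -9096 and -9721 hunks `{DSA-4066-1}` becomes `{DSA-4066-1 DLA-1212-1}` for both CVE-2017-16921 and CVE-2017-16854; the visible description of CVE-2017-16854 explicitly covers OTRS through 3.3.20, which matches the 3.3.x version jessie ships, but the visible text of CVE-2017-16921 names only 6.0.x up to 6.0.1 and 5.0.x before it is truncated, so please confirm against the OSA-2017-09 advisory linked in the NOTE that 3.3.x is affected as well, otherwise the DLA reference on CVE-2017-16921 is misplaced.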
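Review bot: in the -9959 hunk CVE-2017-16786 receives exactly the same truncated description as CVE-2017-16787 directly above it ("The Web Configuration Utility in Meinberg LANTIME devices with ..."), and both now carry `TODO: check`; the one-line truncation hides whatever distinguishes the two, so they should be triaged together from the full descriptions and given the same decision unless the full text shows a difference in affected component.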
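Review bot: in the -12609,6 +12610,7 hunk the DLA-1212-1 reference for CVE-2017-15864 is added as a separate `{DLA-1212-1}` line rather than appended to an existing DSA line as in the other OTRS entries, and the entry already lists `[jessie] - otrs2 3.3.18-1+deb8u2`; the DLA reference and the explicit jessie version now describe the same fix, which is harmless, but it is worth checking that the version recorded for DLA-1212-1 in data/DLA/list is the same 3.3.18-1+deb8u2 so the two sources do not disagree.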
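Review bot: in the -14909 hunk CVE-2017-15048 and CVE-2017-15049 both concern the ZoomLauncher binary in the Zoom client for Linux, with CVE-2017-15048 described as a stack-based buffer overflow; the two `TODO: check` markers should be resolved with one decision and a shared rationale, in the same form the neighbouring redis entry uses (`<not-affected> (Vulnerable code introduced later)`), rather than being triaged independently.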
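Review bot: in the last hunk (-142887,8 +142889,7) the import replaces the `RESERVED` line of CVE-2013-6465 with its description and drops one line, leaving the pre-existing `NOT-FOR-US: JBPM KIE Workbench`; no `TODO: check` is inserted because a decision already exists, which is consistent with the other hunks, where the marker is only added to entries that had no assessment yet.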