Author: sectracker
Date: 2017-12-19 21:10:14 +0000 (Tue, 19 Dec 2017)
New Revision: 58704

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-19 21:07:14 UTC (rev 58703)
+++ data/CVE/list       2017-12-19 21:10:14 UTC (rev 58704)
@@ -1,4 +1,5 @@
 CVE-2017-17476 [OSA-2017-10: Session hijacking]
+       RESERVED
        - otrs2 <unfixed> (bug #884801)
        NOTE: 
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
        NOTE: OTRS-6: 
https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
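
Review bot: CVE-2017-17476 stays at otrs2 <unfixed> while gaining RESERVED, and unlike the other OTRS entries touched in this revision it does not pick up DLA-1212-1. Worth confirming that is intended, since the NOTE lines in view point only at the OSA-2017-10 advisory and an OTRS-6 commit.
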
@@ -40,8 +41,8 @@
        RESERVED
 CVE-2017-17754
        RESERVED
-CVE-2017-17753
-       RESERVED
+CVE-2017-17753 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+       TODO: check
 CVE-2017-17752
        RESERVED
 CVE-2017-17751
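
Review bot: The TODO: check added under CVE-2017-17753 leaves the entry untriaged, and the description is cut off at "in the ..." before any product is named. Triage needs the full CVE text before this can become a package line or a NOT-FOR-US entry like those elsewhere in the list.
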
@@ -58,8 +59,8 @@
        RESERVED
 CVE-2017-17745
        RESERVED
-CVE-2017-17744
-       RESERVED
+CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map 
plugin ...)
+       TODO: check
 CVE-2017-17743
        RESERVED
 CVE-2017-17742
@@ -111,8 +112,8 @@
        NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
 CVE-2017-17720
        RESERVED
-CVE-2017-17719
-       RESERVED
+CVE-2017-17719 (A cross-site scripting (XSS) vulnerability in the wp-concours 
plugin ...)
+       TODO: check
 CVE-2017-17718 (The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has 
Missing SSL ...)
        - ruby-net-ldap <unfixed> (bug #884693)
        [jessie] - ruby-net-ldap <ignored> (Doc always said that there is no 
validation)
@@ -4976,7 +4977,7 @@
 CVE-2017-17534 (uiutil.c in Mensis 0.0.080507 does not validate strings before 
...)
        - mensis <removed> (unimportant)
        NOTE: 
https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428
-CVE-2017-17533 (default.tcl in Tkabber 1.1 does not validate strings before 
launching ...)
+CVE-2017-17533 (** DISPUTED ** default.tcl in Tkabber 1.1 does not validate 
strings ...)
        - tkabber <not-affected>
        NOTE: 
https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118
        NOTE: TCL's exec call does not involve the shell. It does its own 
argument parsing which safely forwards the content of any variable. No command 
injection is thus possible. See https://tcl.tk/man/tcl/TclCmd/exec.htm
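
Review bot: The ** DISPUTED ** prefix on CVE-2017-17533 agrees with the existing tkabber <not-affected> line and the NOTE that exec does not involve the shell, so the triage stands. That NOTE is the only place the reasoning is recorded, so it should be kept when the entry is next touched.
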
@@ -7316,8 +7317,8 @@
        - tiff3 <removed> (unimportant)
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750
        NOTE: Crash in CLI tool not treated as a security issue
-CVE-2017-17088
-       RESERVED
+CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is 
affected ...)
+       TODO: check
 CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of 
a .swp ...)
        - vim <unfixed>
        [stretch] - vim <no-dsa> (Minor issue)
@@ -9096,7 +9097,7 @@
 CVE-2017-16922
        RESERVED
 CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and 
including ...)
-       {DSA-4066-1}
+       {DSA-4066-1 DLA-1212-1}
        - otrs2 6.0.2-1 (bug #883774)
        NOTE: 
https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
        NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357
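
Review bot: The {DSA-4066-1 DLA-1212-1} line on CVE-2017-16921 adds the advisory reference, but the only package line in view is otrs2 6.0.2-1 with no release-specific entry beneath it. Confirm that the DLA-1212-1 record carries the fixed version for its release, since nothing in this hunk states it.
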
@@ -9721,7 +9722,7 @@
 CVE-2017-16855 (Ipsilon before 2.1.0 has a &quot;SAML2 multi-session 
vulnerability.&quot; ...)
        - ipsilon <itp> (bug #826838)
 CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 
4.0.26, ...)
-       {DSA-4066-1}
+       {DSA-4066-1 DLA-1212-1}
        - otrs2 6.0.2-1
        NOTE: 
https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
        NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347
@@ -9959,8 +9960,8 @@
        TODO: check
 CVE-2017-16787 (The Web Configuration Utility in Meinberg LANTIME devices with 
...)
        TODO: check
-CVE-2017-16786
-       RESERVED
+CVE-2017-16786 (The Web Configuration Utility in Meinberg LANTIME devices with 
...)
+       TODO: check
 CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the ...)
        NOT-FOR-US: CMS Made Simple
 CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template 
Injection via ...)
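
Review bot: CVE-2017-16786 now shows the same truncated text as CVE-2017-16787 directly above it ("The Web Configuration Utility in Meinberg LANTIME devices with ..."), both at TODO: check. The two cannot be told apart from this file, so triage them together against the full descriptions.
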
@@ -10229,7 +10230,7 @@
 CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to 
a ...)
        NOT-FOR-US: RemObjects Remoting SDK
 CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open 
Ticket ...)
-       {DSA-4047-1}
+       {DSA-4047-1 DLA-1212-1}
        - otrs2 5.0.24-1 (bug #882370)
        NOTE: 
https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
        NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
@@ -12609,6 +12610,7 @@
 CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as 
used in ...)
        - frr <itp> (bug #863249)
 CVE-2017-15864 (In the Agent Frontend in Open Ticket Request System (OTRS) 
3.3.x ...)
+       {DLA-1212-1}
        - otrs2 4.0.7-2
        [jessie] - otrs2 3.3.18-1+deb8u2
        NOTE: 
https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/
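
Review bot: CVE-2017-15864 gets {DLA-1212-1} on its own, with no DSA beside it as the other OTRS entries in this revision have, even though a [jessie] fixed version 3.3.18-1+deb8u2 is already listed. Check that the jessie fix really shipped without a DSA reference; if one exists, it belongs in the braces as well.
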
@@ -14909,10 +14911,10 @@
        - teampass <itp> (bug #730180)
 CVE-2017-15050
        RESERVED
-CVE-2017-15049
-       RESERVED
-CVE-2017-15048
-       RESERVED
+CVE-2017-15049 (The ZoomLauncher binary in the Zoom client for Linux before 
...)
+       TODO: check
+CVE-2017-15048 (Stack-based buffer overflow in the ZoomLauncher binary in the 
Zoom ...)
+       TODO: check
 CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 
allows ...)
        - redis 4:4.0.2-5 (bug #878076; unimportant)
        [jessie] - redis <not-affected> (Vulnerable code introduced later)
@@ -142887,8 +142889,7 @@
        {DSA-2893-1}
        - openswan <removed> (bug #737406)
        NOTE: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
-CVE-2013-6465
-       RESERVED
+CVE-2013-6465 (Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE 
...)
        NOT-FOR-US: JBPM KIE Workbench
 CVE-2013-6464
        RESERVED


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
