[Secure-testing-commits] r58704 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Dec 19 21:10:14 UTC 2017
Author: sectracker
Date: 2017-12-19 21:10:14 +0000 (Tue, 19 Dec 2017)
New Revision: 58704
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-19 21:07:14 UTC (rev 58703)
+++ data/CVE/list 2017-12-19 21:10:14 UTC (rev 58704)
@@ -1,4 +1,5 @@
CVE-2017-17476 [OSA-2017-10: Session hijacking]
+ RESERVED
- otrs2 <unfixed> (bug #884801)
NOTE: https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
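Review bot: the re-added RESERVED marker under CVE-2017-17476 is consistent with the entry's state: the bracketed [OSA-2017-10: Session hijacking] text is a tracker-supplied description for an ID MITRE has not published yet, and otrs2 is still <unfixed> (bug #884801) with no {DSA ...} reference, unlike the other OTRS entries in this commit. Keep the NOTE links to the OTRS advisory and to upstream commit 36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc, since they are what a backport will be based on.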
@@ -40,8 +41,8 @@
RESERVED
CVE-2017-17754
RESERVED
-CVE-2017-17753
- RESERVED
+CVE-2017-17753 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
CVE-2017-17752
RESERVED
CVE-2017-17751
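Review bot: the new description for CVE-2017-17753 is truncated after "Multiple cross-site scripting (XSS) vulnerabilities in the ...", so the affected product is not visible in this hunk and TODO: check is the right placeholder; triage has to fetch the full MITRE text before replacing the TODO with either a source package line or NOT-FOR-US.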
@@ -58,8 +59,8 @@
RESERVED
CVE-2017-17745
RESERVED
-CVE-2017-17744
- RESERVED
+CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plugin ...)
+ TODO: check
CVE-2017-17743
RESERVED
CVE-2017-17742
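Review bot: "custom-map plugin" in the CVE-2017-17744 description names only a plugin, not the host application it belongs to; the same pattern appears for CVE-2017-17719 (wp-concours plugin) in the next hunk. When the TODO: check is resolved, record the host application in the NOT-FOR-US line (as the CMS Made Simple entries further down do) so later readers do not have to re-fetch the description.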
@@ -111,8 +112,8 @@
NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
CVE-2017-17720
RESERVED
-CVE-2017-17719
- RESERVED
+CVE-2017-17719 (A cross-site scripting (XSS) vulnerability in the wp-concours plugin ...)
+ TODO: check
CVE-2017-17718 (The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL ...)
- ruby-net-ldap <unfixed> (bug #884693)
[jessie] - ruby-net-ldap <ignored> (Doc always said that there is no validation)
@@ -4976,7 +4977,7 @@
CVE-2017-17534 (uiutil.c in Mensis 0.0.080507 does not validate strings before ...)
- mensis <removed> (unimportant)
NOTE: https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428
-CVE-2017-17533 (default.tcl in Tkabber 1.1 does not validate strings before launching ...)
+CVE-2017-17533 (** DISPUTED ** default.tcl in Tkabber 1.1 does not validate strings ...)
- tkabber <not-affected>
NOTE: https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118
NOTE: TCL's exec call does not involve the shell. It does its own argument parsing which safely forwards the content of any variable. No command injection is thus possible. See https://tcl.tk/man/tcl/TclCmd/exec.htm
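Review bot: the ** DISPUTED ** marker MITRE added to CVE-2017-17533 matches the existing tkabber <not-affected> assessment and the NOTE explaining that Tcl's exec does its own argument parsing without a shell, so no change to the package line is needed; it is worth checking whether the same reasoning applies to the neighbouring CVE-2017-17534 entry for mensis, which is carried as <removed> (unimportant) rather than not-affected and points at uiutil.c line 428.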
@@ -7316,8 +7317,8 @@
- tiff3 <removed> (unimportant)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750
NOTE: Crash in CLI tool not treated as a security issue
-CVE-2017-17088
- RESERVED
+CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected ...)
+ TODO: check
CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ...)
- vim <unfixed>
[stretch] - vim <no-dsa> (Minor issue)
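Review bot: CVE-2017-17088 now reads "The Enterprise version of SyncBreeze 10.2.12 and earlier is affected ...", a commercial product that is not packaged in Debian, so the TODO: check is expected to resolve to NOT-FOR-US in the same way as the ZUUSE BEIMS ContractorWeb .NET entry above; the surrounding context is unchanged, including vim <unfixed> with [stretch] <no-dsa> (Minor issue) for CVE-2017-17087.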
@@ -9096,7 +9097,7 @@
CVE-2017-16922
RESERVED
CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including ...)
- {DSA-4066-1}
+ {DSA-4066-1 DLA-1212-1}
- otrs2 6.0.2-1 (bug #883774)
NOTE: https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357
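Review bot: adding DLA-1212-1 next to DSA-4066-1 for CVE-2017-16921 records the jessie LTS fix through the advisory list rather than an explicit [jessie] line; the same DLA is added to CVE-2017-16854, CVE-2017-16664 and CVE-2017-15864 in the following hunks, so data/DLA/list must list all four IDs with the same otrs2 version, otherwise the tracker will keep showing some of them as open in jessie.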
@@ -9721,7 +9722,7 @@
CVE-2017-16855 (Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability." ...)
- ipsilon <itp> (bug #826838)
CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...)
- {DSA-4066-1}
+ {DSA-4066-1 DLA-1212-1}
- otrs2 6.0.2-1
NOTE: https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347
@@ -9959,8 +9960,8 @@
TODO: check
CVE-2017-16787 (The Web Configuration Utility in Meinberg LANTIME devices with ...)
TODO: check
-CVE-2017-16786
- RESERVED
+CVE-2017-16786 (The Web Configuration Utility in Meinberg LANTIME devices with ...)
+ TODO: check
CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the ...)
NOT-FOR-US: CMS Made Simple
CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template Injection via ...)
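Review bot: the description added for CVE-2017-16786 has the same visible prefix as the existing CVE-2017-16787 entry just above it ("The Web Configuration Utility in Meinberg LANTIME devices with ..."), so the two cannot be told apart from this hunk; when clearing the two TODO: check markers, fetch both full texts and record the distinguishing detail, and since LANTIME is a Meinberg appliance the expected outcome for both is NOT-FOR-US: Meinberg LANTIME.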
@@ -10229,7 +10230,7 @@
CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...)
NOT-FOR-US: RemObjects Remoting SDK
CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket ...)
- {DSA-4047-1}
+ {DSA-4047-1 DLA-1212-1}
- otrs2 5.0.24-1 (bug #882370)
NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
@@ -12609,6 +12610,7 @@
CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in ...)
- frr <itp> (bug #863249)
CVE-2017-15864 (In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x ...)
+ {DLA-1212-1}
- otrs2 4.0.7-2
[jessie] - otrs2 3.3.18-1+deb8u2
NOTE: https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/
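Review bot: {DLA-1212-1} is added to CVE-2017-15864 while the entry keeps an explicit [jessie] - otrs2 3.3.18-1+deb8u2 line; the two now describe the same jessie fix, so confirm that the version recorded for DLA-1212-1 in data/DLA/list is 3.3.18-1+deb8u2 and consider dropping the explicit suite line, as the other three OTRS entries in this commit rely on the advisory reference alone.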
@@ -14909,10 +14911,10 @@
- teampass <itp> (bug #730180)
CVE-2017-15050
RESERVED
-CVE-2017-15049
- RESERVED
-CVE-2017-15048
- RESERVED
+CVE-2017-15049 (The ZoomLauncher binary in the Zoom client for Linux before ...)
+ TODO: check
+CVE-2017-15048 (Stack-based buffer overflow in the ZoomLauncher binary in the Zoom ...)
+ TODO: check
CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ...)
- redis 4:4.0.2-5 (bug #878076; unimportant)
[jessie] - redis <not-affected> (Vulnerable code introduced later)
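Review bot: both CVE-2017-15049 and CVE-2017-15048 describe the ZoomLauncher binary in the Zoom client for Linux, the second explicitly as a stack-based buffer overflow; the Zoom client is proprietary and not packaged in Debian, so the two TODO: check markers should resolve to NOT-FOR-US: Zoom client. The redis context below is unchanged and already documents why jessie is not affected ("Vulnerable code introduced later").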
@@ -142887,8 +142889,7 @@
{DSA-2893-1}
- openswan <removed> (bug #737406)
NOTE: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
-CVE-2013-6465
- RESERVED
+CVE-2013-6465 (Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE ...)
NOT-FOR-US: JBPM KIE Workbench
CVE-2013-6464
RESERVED
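Review bot: CVE-2013-6465 receives its MITRE description without a TODO: check because the entry already carries NOT-FOR-US: JBPM KIE Workbench, and the new text ("Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE ...") agrees with that triage; the hunk header's 8-to-7 line count reflects the two removed lines collapsing into one description line, with nothing else changed.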