Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1a27a7b by security tracker role at 2018-10-20T08:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2018-18538
+       RESERVED
+CVE-2018-18537
+       RESERVED
+CVE-2018-18536
+       RESERVED
+CVE-2018-18535
+       RESERVED
+CVE-2018-18534
+       RESERVED
+CVE-2018-18533
+       RESERVED
+CVE-2018-18532
+       RESERVED
+CVE-2018-18531 (text/impl/DefaultTextCreator.java, 
text/impl/ChineseTextProducer.java, ...)
+       TODO: check
+CVE-2018-18530 (ThinkPHP 5.1.25 has SQL Injection via the count parameter 
because the ...)
+       TODO: check
+CVE-2018-18529 (ThinkPHP 3.2.4 has SQL Injection via the count parameter 
because the ...)
+       TODO: check
 CVE-2018-18528
        RESERVED
 CVE-2018-18527 (OwnTicket 2018-05-23 allows SQL Injection via the showTicketId 
or ...)
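Review bot: CVE-2018-18531, the first of the three new TODO: check entries at the top of this hunk, cannot be triaged from its visible description, which starts with source paths (text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java) and names no product. Read the full CVE text before choosing between a package line and NOT-FOR-US. The two ThinkPHP entries (CVE-2018-18530 for 5.1.25, CVE-2018-18529 for 3.2.4) describe the same count-parameter SQL injection in two branches and should be triaged together so they end up with the same outcome.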
@@ -229,8 +249,7 @@ CVE-2018-18445 (In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 
4.17.x, and 4.18.x b
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
        NOTE: 
https://git.kernel.org/linus/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
-CVE-2018-18438 [Integer overflow in ccid_card_vscard_read() allows memory 
corruption]
-       RESERVED
+CVE-2018-18438 (Qemu has integer overflows because IOReadHandler and its 
associated ...)
        - qemu <unfixed>
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
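Review bot: the CVE-2018-18438 header loses its function-level pointer when the bracketed text "Integer overflow in ccid_card_vscard_read() allows memory corruption" is replaced by the broader "Qemu has integer overflows because IOReadHandler and its associated ...". The retained "- qemu <unfixed>" line was recorded against the narrower wording, so confirm that it and the qemu-devel NOTE still cover everything the new description names, and consider keeping the ccid_card_vscard_read() reference in a NOTE line so the affected code path stays findable.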
@@ -253,8 +272,8 @@ CVE-2018-18430 (An issue was discovered in DESTOON B2B 7.0. 
admin\setting.inc.ph
        NOT-FOR-US: DESTOON B2B
 CVE-2018-18429
        RESERVED
-CVE-2018-18428
-       RESERVED
+CVE-2018-18428 (TP-Link TL-SC3130 1.6.18P12_121101 devices allow 
unauthenticated RTSP ...)
+       TODO: check
 CVE-2018-18427 (s-cms 3.0 allows SQL Injection via the member/post.php 0_id 
parameter ...)
        NOT-FOR-US: s-cms
 CVE-2018-18426 (s-cms 3.0 allows remote attackers to execute arbitrary PHP 
code by ...)
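Review bot: CVE-2018-18428 on the added line is left at TODO: check even though the description names device firmware (TP-Link TL-SC3130 1.6.18P12_121101). The neighbouring entries in this hunk close out third-party products in the form "NOT-FOR-US: <product>" (DESTOON B2B, s-cms), and this entry is a candidate for the same form once a reviewer confirms it.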
@@ -269,16 +288,16 @@ CVE-2018-18422 (UsualToolCMS 8.0 allows CSRF for adding a 
user account via the .
        NOT-FOR-US: UsualToolCMS
 CVE-2018-18421
        RESERVED
-CVE-2018-18420
-       RESERVED
-CVE-2018-18419
-       RESERVED
+CVE-2018-18420 (Cross-Site Request Forgery (CSRF) vulnerability was discovered 
in the ...)
+       TODO: check
+CVE-2018-18419 (Stored XSS has been discovered in the upload section of 
ARDAWAN.COM ...)
+       TODO: check
 CVE-2018-18418
        RESERVED
-CVE-2018-18417
-       RESERVED
-CVE-2018-18416
-       RESERVED
+CVE-2018-18417 (In the 3.1 version of Ekushey Project Manager CRM, Stored XSS 
has been ...)
+       TODO: check
+CVE-2018-18416 (LANGO Codeigniter Multilingual Script 1.0 has XSS in the input 
and ...)
+       TODO: check
 CVE-2018-18415
        RESERVED
 CVE-2018-18414
@@ -317,8 +336,8 @@ CVE-2018-18400
        RESERVED
 CVE-2018-18399
        RESERVED
-CVE-2018-18398
-       RESERVED
+CVE-2018-18398 (Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the 
IBus-Unikey ...)
+       TODO: check
 CVE-2018-18397
        RESERVED
 CVE-2018-18396 (Remote Code Execution in Moxa ThingsPro IIoT Gateway and 
Device ...)
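Review bot: CVE-2018-18398 names Xfce Thunar 1.6.15 with Xfce 4.12, so its TODO: check should not be closed as NOT-FOR-US by default. It needs a check of whether the affected version is shipped and, if so, a package line with a status in the style used for the qemu and ghostscript entries in this file. The truncated description also mentions IBus-Unikey, so the check should establish which component actually carries the flaw before a package is assigned.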
@@ -365,8 +384,8 @@ CVE-2018-18382 (Advanced HRM 1.6 allows Remote Code 
Execution via PHP code in a
        NOT-FOR-US: Advanced HRM
 CVE-2018-18381 (Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in 
...)
        NOT-FOR-US: Z-BlogPHP
-CVE-2018-18380
-       RESERVED
+CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree. admin.php 
accepts ...)
+       TODO: check
 CVE-2018-18379
        RESERVED
 CVE-2018-18378
@@ -565,8 +584,7 @@ CVE-2018-18286
        RESERVED
 CVE-2018-18285
        RESERVED
-CVE-2018-18284 [1Policy operator gives access to .forceput]
-       RESERVED
+CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to 
bypass a ...)
        - ghostscript 9.25~dfsg-3 (bug #911175)
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
@@ -875,10 +893,10 @@ CVE-2018-18225 (In Wireshark 2.6.0 to 2.6.3, the CoAP 
dissector could crash. Thi
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15172
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=09a02cc1ea6de9f6c6cae75b3510a5477ef5f555
        NOTE: https://www.wireshark.org/security/wnpa-sec-2018-49.html
-CVE-2018-18224
-       RESERVED
-CVE-2018-18223
-       RESERVED
+CVE-2018-18224 (A vulnerability exists in the file reading procedure in Open 
Design ...)
+       TODO: check
+CVE-2018-18223 (Open Design Alliance Drawings SDK 2019Update1 has a 
vulnerability ...)
+       TODO: check
 CVE-2018-18222
        RESERVED
 CVE-2018-18221
@@ -1326,8 +1344,8 @@ CVE-2018-18028
        RESERVED
 CVE-2018-18027
        RESERVED
-CVE-2018-18026
-       RESERVED
+CVE-2018-18026 (IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and 
possibly lower ...)
+       TODO: check
 CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer 
over-read in ...)
        - imagemagick <unfixed> (bug #911435)
        [stretch] - imagemagick <postponed> (Fix along in next DSA)
@@ -14209,26 +14227,26 @@ CVE-2018-12677
        RESERVED
 CVE-2018-12676
        RESERVED
-CVE-2018-12675
-       RESERVED
-CVE-2018-12674
-       RESERVED
-CVE-2018-12673
-       RESERVED
-CVE-2018-12672
-       RESERVED
-CVE-2018-12671
-       RESERVED
-CVE-2018-12670
-       RESERVED
-CVE-2018-12669
-       RESERVED
-CVE-2018-12668
-       RESERVED
-CVE-2018-12667
-       RESERVED
-CVE-2018-12666
-       RESERVED
+CVE-2018-12675 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B 
and ...)
+       TODO: check
+CVE-2018-12674 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B 
and ...)
+       TODO: check
+CVE-2018-12673 (An attacker with remote access to the SV3C HD Camera (L-SERIES 
...)
+       TODO: check
+CVE-2018-12672 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) 
does not ...)
+       TODO: check
+CVE-2018-12671 (An attacker with remote access to the SV3C HD Camera (L-SERIES 
...)
+       TODO: check
+CVE-2018-12670 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and ...)
+       TODO: check
+CVE-2018-12669 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and ...)
+       TODO: check
+CVE-2018-12668 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and ...)
+       TODO: check
+CVE-2018-12667 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B 
and ...)
+       TODO: check
+CVE-2018-12666 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices 
...)
+       TODO: check
 CVE-2018-12665
        RESERVED
 CVE-2018-12664
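Review bot: the ten entries CVE-2018-12666 through CVE-2018-12675 all move from RESERVED to TODO: check for the same firmware (V2.3.4.2103-S50-NTD-B20170508B), but the descriptions spell the product two ways, "SV3C HD Camera (L-SERIES ...)" and "SV3C L-SERIES HD CAMERA". Triage them in one pass and use a single label string for all ten, so that a later search on the product name in data/CVE/list finds the whole set.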



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1a27a7b15b670583783390e7f6e458eab8f9771
