[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 20 09:10:34 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b1a27a7b by security tracker role at 2018-10-20T08:10:23Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2018-18538
+ RESERVED
+CVE-2018-18537
+ RESERVED
+CVE-2018-18536
+ RESERVED
+CVE-2018-18535
+ RESERVED
+CVE-2018-18534
+ RESERVED
+CVE-2018-18533
+ RESERVED
+CVE-2018-18532
+ RESERVED
+CVE-2018-18531 (text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, ...)
+ TODO: check
+CVE-2018-18530 (ThinkPHP 5.1.25 has SQL Injection via the count parameter because the ...)
+ TODO: check
+CVE-2018-18529 (ThinkPHP 3.2.4 has SQL Injection via the count parameter because the ...)
+ TODO: check
CVE-2018-18528
RESERVED
CVE-2018-18527 (OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or ...)
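Review bot: CVE-2018-18531 is added with a summary that is cut off after two Java file paths (text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java), so the affected product cannot be identified from this line and its "TODO: check" needs the full CVE text before it can be triaged. CVE-2018-18530 and CVE-2018-18529 both describe SQL injection via the count parameter in ThinkPHP (5.1.25 and 3.2.4) and are best triaged together so they end up with the same disposition.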
@@ -229,8 +249,7 @@ CVE-2018-18445 (In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x b
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
NOTE: https://git.kernel.org/linus/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
-CVE-2018-18438 [Integer overflow in ccid_card_vscard_read() allows memory corruption]
- RESERVED
+CVE-2018-18438 (Qemu has integer overflows because IOReadHandler and its associated ...)
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
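Review bot: on CVE-2018-18438 the removed bracketed description named ccid_card_vscard_read() as the overflow site, and the truncated replacement summary ("IOReadHandler and its associated ...") no longer does. Consider carrying that function name over into a NOTE line next to the qemu-devel link, so the "- qemu <unfixed>" entry still tells a reader where the affected code is.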
@@ -253,8 +272,8 @@ CVE-2018-18430 (An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.ph
NOT-FOR-US: DESTOON B2B
CVE-2018-18429
RESERVED
-CVE-2018-18428
- RESERVED
+CVE-2018-18428 (TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP ...)
+ TODO: check
CVE-2018-18427 (s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter ...)
NOT-FOR-US: s-cms
CVE-2018-18426 (s-cms 3.0 allows remote attackers to execute arbitrary PHP code by ...)
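Review bot: CVE-2018-18428 moves from RESERVED to "TODO: check" for TP-Link TL-SC3130 device firmware, while every described neighbour in this hunk is already resolved as NOT-FOR-US. Once checked, it looks like a candidate for the same disposition rather than a long-lived open TODO.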
@@ -269,16 +288,16 @@ CVE-2018-18422 (UsualToolCMS 8.0 allows CSRF for adding a user account via the .
NOT-FOR-US: UsualToolCMS
CVE-2018-18421
RESERVED
-CVE-2018-18420
- RESERVED
-CVE-2018-18419
- RESERVED
+CVE-2018-18420 (Cross-Site Request Forgery (CSRF) vulnerability was discovered in the ...)
+ TODO: check
+CVE-2018-18419 (Stored XSS has been discovered in the upload section of ARDAWAN.COM ...)
+ TODO: check
CVE-2018-18418
RESERVED
-CVE-2018-18417
- RESERVED
-CVE-2018-18416
- RESERVED
+CVE-2018-18417 (In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been ...)
+ TODO: check
+CVE-2018-18416 (LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and ...)
+ TODO: check
CVE-2018-18415
RESERVED
CVE-2018-18414
@@ -317,8 +336,8 @@ CVE-2018-18400
RESERVED
CVE-2018-18399
RESERVED
-CVE-2018-18398
- RESERVED
+CVE-2018-18398 (Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey ...)
+ TODO: check
CVE-2018-18397
RESERVED
CVE-2018-18396 (Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device ...)
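Review bot: CVE-2018-18398 names Xfce Thunar 1.6.15 under Xfce 4.12, which is desktop software Debian ships, so its "TODO: check" should be resolved against the thunar package with a package line and status per release instead of waiting in the general TODO backlog.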
@@ -365,8 +384,8 @@ CVE-2018-18382 (Advanced HRM 1.6 allows Remote Code Execution via PHP code in a
NOT-FOR-US: Advanced HRM
CVE-2018-18381 (Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in ...)
NOT-FOR-US: Z-BlogPHP
-CVE-2018-18380
- RESERVED
+CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree. admin.php accepts ...)
+ TODO: check
CVE-2018-18379
RESERVED
CVE-2018-18378
@@ -565,8 +584,7 @@ CVE-2018-18286
RESERVED
CVE-2018-18285
RESERVED
-CVE-2018-18284 [1Policy operator gives access to .forceput]
- RESERVED
+CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a ...)
- ghostscript 9.25~dfsg-3 (bug #911175)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
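Review bot: on CVE-2018-18284 the new summary says "9.25 and earlier" is affected while the entry records the fix in ghostscript 9.25~dfsg-3, a Debian revision of that same upstream version. A NOTE naming the upstream fix commit would make it clear that the fix is carried as a patch in the Debian revision. The removed bracketed text also named the 1Policy operator and .forceput, which the truncated summary no longer shows, so that detail is worth keeping in a NOTE as well.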
@@ -875,10 +893,10 @@ CVE-2018-18225 (In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. Thi
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15172
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=09a02cc1ea6de9f6c6cae75b3510a5477ef5f555
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-49.html
-CVE-2018-18224
- RESERVED
-CVE-2018-18223
- RESERVED
+CVE-2018-18224 (A vulnerability exists in the file reading procedure in Open Design ...)
+ TODO: check
+CVE-2018-18223 (Open Design Alliance Drawings SDK 2019Update1 has a vulnerability ...)
+ TODO: check
CVE-2018-18222
RESERVED
CVE-2018-18221
@@ -1326,8 +1344,8 @@ CVE-2018-18028
RESERVED
CVE-2018-18027
RESERVED
-CVE-2018-18026
- RESERVED
+CVE-2018-18026 (IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower ...)
+ TODO: check
CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...)
- imagemagick <unfixed> (bug #911435)
[stretch] - imagemagick <postponed> (Fix along in next DSA)
@@ -14209,26 +14227,26 @@ CVE-2018-12677
RESERVED
CVE-2018-12676
RESERVED
-CVE-2018-12675
- RESERVED
-CVE-2018-12674
- RESERVED
-CVE-2018-12673
- RESERVED
-CVE-2018-12672
- RESERVED
-CVE-2018-12671
- RESERVED
-CVE-2018-12670
- RESERVED
-CVE-2018-12669
- RESERVED
-CVE-2018-12668
- RESERVED
-CVE-2018-12667
- RESERVED
-CVE-2018-12666
- RESERVED
+CVE-2018-12675 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and ...)
+ TODO: check
+CVE-2018-12674 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and ...)
+ TODO: check
+CVE-2018-12673 (An attacker with remote access to the SV3C HD Camera (L-SERIES ...)
+ TODO: check
+CVE-2018-12672 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not ...)
+ TODO: check
+CVE-2018-12671 (An attacker with remote access to the SV3C HD Camera (L-SERIES ...)
+ TODO: check
+CVE-2018-12670 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and ...)
+ TODO: check
+CVE-2018-12669 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and ...)
+ TODO: check
+CVE-2018-12668 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and ...)
+ TODO: check
+CVE-2018-12667 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and ...)
+ TODO: check
+CVE-2018-12666 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices ...)
+ TODO: check
CVE-2018-12665
RESERVED
CVE-2018-12664
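Review bot: CVE-2018-12666 through CVE-2018-12675 all become "TODO: check" at once and all describe the same product, the SV3C L-SERIES HD camera at firmware V2.3.4.2103-S50-NTD-B20170508B. Triage them as one batch with a single decision, so that ten near-identical TODO entries are not resolved inconsistently.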
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b1a27a7b15b670583783390e7f6e458eab8f9771