author: security tracker role <sectracker@soriano.debian.org> 2018-11-16 20:10:23 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2018-11-16 20:10:23 +0000
commit: c2ef52ee41118e3c979c7b4b0871309fc5ce2c02
tree: 9ccf15fb31d6b66d264666492541d94193b2867c /data/CVE
parent: 2b687a8a914e79a2120379243be7bf07dc53d92e
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2001.list 2
-rw-r--r-- data/CVE/2018.list 160
2 files changed, 94 insertions, 68 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 8b70e0f08b..159ca822de 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1030,7 +1030,7 @@ CVE-2001-0595 (Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0594 (kcms_configure as included with Solaris 7 and 8 allows a local ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2001-0593 (Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to ...)
+CVE-2001-0593 (Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0591 (Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 ...)
NOT-FOR-US: Data pre-dating the Security Tracker
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index b3711bddc3..d45746f614 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,3 +1,31 @@
+CVE-2018-19319 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&amp;c=gifts&amp;a=update to ...)
+ TODO: check
+CVE-2018-19318 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&amp;c=manager&amp;a=update to ...)
+ TODO: check
+CVE-2018-19317
+ RESERVED
+CVE-2018-19316
+ RESERVED
+CVE-2018-19315
+ RESERVED
+CVE-2018-19314
+ RESERVED
+CVE-2018-19313
+ RESERVED
+CVE-2018-19312 (Centreon 3.4.x allows SQL Injection via the searchVM parameter to the ...)
+ TODO: check
+CVE-2018-19311 (Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 ...)
+ TODO: check
+CVE-2018-19310
+ RESERVED
+CVE-2018-19309
+ RESERVED
+CVE-2018-19308
+ RESERVED
+CVE-2018-19307
+ RESERVED
+CVE-2018-19306
+ RESERVED
CVE-2018-19305
RESERVED
CVE-2018-19304
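Review bot: The added descriptions for CVE-2018-19319 and CVE-2018-19318 carry `&amp;` inside the URL query string (admin.php?m=Admin&amp;c=gifts&amp;a=update). If that is what the file stores rather than how this page renders it, anything that parses 2018.list should decode entities before displaying or matching on the text. Separately, the two Centreon entries (CVE-2018-19312, CVE-2018-19311) are left at TODO: check and need either a package line or a NOT-FOR-US line in follow-up triage.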
@@ -16,8 +44,8 @@ CVE-2018-19298
RESERVED
CVE-2018-19297
RESERVED
-CVE-2018-19296
- RESERVED
+CVE-2018-19296 (PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object ...)
+ TODO: check
CVE-2018-19295
RESERVED
CVE-2018-19294
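Review bot: CVE-2018-19296 moves from RESERVED to TODO: check with no package line. The description gives concrete fixed versions (5.2.27 and 6.0.6), so triage should check whether a PHPMailer source package is in the archive and, if so, record it with those versions as the fix threshold rather than leaving the entry unclassified.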
@@ -1150,34 +1178,34 @@ CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate during
- squid3 <removed> (unimportant)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
NOTE: Squid in Debian builds without TLS support
-CVE-2018-18806
- RESERVED
-CVE-2018-18805
- RESERVED
-CVE-2018-18804
- RESERVED
-CVE-2018-18803
- RESERVED
+CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection via the ...)
+ TODO: check
+CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen, related to ...)
+ TODO: check
+CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login screen, ...)
+ TODO: check
+CVE-2018-18803 (Curriculum Evaluation System 1.0 allows SQL Injection via the login ...)
+ TODO: check
CVE-2018-18802
RESERVED
-CVE-2018-18801
- RESERVED
+CVE-2018-18801 (The BSEN Ordering software 1.0 has SQL Injection via ...)
+ TODO: check
CVE-2018-18800
RESERVED
-CVE-2018-18799
- RESERVED
+CVE-2018-18799 (School Attendance Monitoring System 1.0 has CSRF via ...)
+ TODO: check
CVE-2018-18798
RESERVED
-CVE-2018-18797
- RESERVED
-CVE-2018-18796
- RESERVED
-CVE-2018-18795
- RESERVED
-CVE-2018-18794
- RESERVED
-CVE-2018-18793
- RESERVED
+CVE-2018-18797 (School Attendance Monitoring System 1.0 has CSRF via ...)
+ TODO: check
+CVE-2018-18796 (Library Management System 1.0 has SQL Injection via the &quot;Search for ...)
+ TODO: check
+CVE-2018-18795 (School Event Management System 1.0 has SQL Injection via the ...)
+ TODO: check
+CVE-2018-18794 (School Event Management System 1.0 allows CSRF via ...)
+ TODO: check
+CVE-2018-18793 (School Event Management System 1.0 allows Arbitrary File Upload via ...)
+ TODO: check
CVE-2018-18792 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
NOT-FOR-US: zzcms
CVE-2018-18791 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
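Review bot: CVE-2018-18799 and CVE-2018-18797 have the same visible description ("School Attendance Monitoring System 1.0 has CSRF via ..."), and several other added entries in this hunk are cut off right after "via". The list alone cannot tell these apart, so whoever resolves the TODO: check lines should read the full CVE records. The neighbouring zzcms entries show the NOT-FOR-US convention to follow if these products are not packaged.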
@@ -1243,24 +1271,24 @@ CVE-2018-18764 (An exploitable arbitrary memory read vulnerability exists in the
[stretch] - smplayer <not-affected> (Vulnerable code not present)
[jessie] - smplayer <not-affected> (Vulnerable code not present)
NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
-CVE-2018-18763
- RESERVED
+CVE-2018-18763 (SaltOS 3.1 r8126 allows ...)
+ TODO: check
CVE-2018-18762
RESERVED
-CVE-2018-18761
- RESERVED
-CVE-2018-18760
- RESERVED
-CVE-2018-18759
- RESERVED
+CVE-2018-18761 (SaltOS 3.1 r8126 allows action=login&amp;querystring=&amp;user=[SQL] SQL ...)
+ TODO: check
+CVE-2018-18760 (RhinOS 3.0 build 1190 allows CSRF. ...)
+ TODO: check
+CVE-2018-18759 (Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. ...)
+ TODO: check
CVE-2018-18758
RESERVED
CVE-2018-18757
RESERVED
-CVE-2018-18756
- RESERVED
-CVE-2018-18755
- RESERVED
+CVE-2018-18756 (Local Server 1.0.9 has a Buffer Overflow via crafted data on Port ...)
+ TODO: check
+CVE-2018-18755 (K-iwi Framework 1775 has SQL Injection via the admin/user/group/update ...)
+ TODO: check
CVE-2018-18754 (ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account ...)
NOT-FOR-US: ZyXEL
CVE-2018-18753 (Typecho V1.1 allows remote attackers to send shell commands via ...)
@@ -6943,16 +6971,14 @@ CVE-2018-16398 (In Twistlock AuthZ Broker 0.1, regular expressions are mishandle
NOT-FOR-US: Twistlock AuthZ Broker
CVE-2018-16397 (In LimeSurvey before 3.14.7, an admin user can leverage a &quot;file upload&quot; ...)
- limesurvey <itp> (bug #472802)
-CVE-2018-16396 [Tainted flags are not propagated in Array#pack and String#unpack with some directives]
- RESERVED
+CVE-2018-16396 (An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, ...)
{DSA-4332-1 DLA-1558-1}
- ruby2.5 <unfixed> (bug #911920)
- ruby2.3 <removed>
- ruby2.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
NOTE: https://github.com/ruby/ruby/commit/a2958f6743664006d21fc0bafd4ca6214df1d429
-CVE-2018-16395 [OpenSSL::X509::Name equality check does not work correctly]
- RESERVED
+CVE-2018-16395 (An issue was discovered in the OpenSSL library in Ruby before 2.3.8, ...)
{DSA-4332-1 DLA-1558-1}
- ruby-openssl <unfixed> (bug #911918)
- ruby2.5 <unfixed> (bug #911919)
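Review bot: Replacing the bracketed working titles on CVE-2018-16396 and CVE-2018-16395 with the truncated official text drops the only one-line summary of each bug ("Tainted flags are not propagated in Array#pack and String#unpack with some directives", "OpenSSL::X509::Name equality check does not work correctly"). For CVE-2018-16396 the NOTE URL still conveys it. For CVE-2018-16395 nothing visible in this hunk does, so a NOTE line carrying that summary or the upstream advisory would keep the entry readable. The ruby2.5 and ruby-openssl lines also remain <unfixed> next to {DSA-4332-1 DLA-1558-1}, which deserves a follow-up once the unstable uploads land.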
@@ -8699,10 +8725,10 @@ CVE-2018-15695 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote
NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15694 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote ...)
NOT-FOR-US: ASUSTOR Data Master
-CVE-2018-15693
- RESERVED
-CVE-2018-15692
- RESERVED
+CVE-2018-15693 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows ...)
+ TODO: check
+CVE-2018-15692 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows ...)
+ TODO: check
CVE-2018-15691 (Insecure deserialization of a specially crafted serialized object, in ...)
NOT-FOR-US: CA Release Automation
CVE-2018-15690
@@ -10636,7 +10662,7 @@ CVE-2018-14849 (Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, re
NOTE: https://sourceforge.net/p/tikiwiki/code/66809
CVE-2018-14848
RESERVED
-CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote attackers to ...)
+CVE-2018-14847 (MikroTik RouterOS through 6.42 allows unauthenticated remote attackers ...)
NOT-FOR-US: Winbox for MikroTik RouterOS
CVE-2018-14846
RESERVED
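Review bot: After this change the description for CVE-2018-14847 names "MikroTik RouterOS" while the unchanged NOT-FOR-US line still reads "Winbox for MikroTik RouterOS". The classification is unaffected, but the label could be updated to match the new product name. The new text also adds "unauthenticated", which matters to anyone reading the list to judge severity.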
@@ -25537,10 +25563,10 @@ CVE-2018-9088
RESERVED
CVE-2018-9087
RESERVED
-CVE-2018-9086
- RESERVED
-CVE-2018-9085
- RESERVED
+CVE-2018-9086 (In some Lenovo ThinkServer-branded servers, a command injection ...)
+ TODO: check
+CVE-2018-9085 (A write protection lock bit was left unset after boot on an older ...)
+ TODO: check
CVE-2018-9084
RESERVED
CVE-2018-9083
@@ -25563,12 +25589,12 @@ CVE-2018-9075 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.3
NOT-FOR-US: Lenovo
CVE-2018-9074 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
NOT-FOR-US: Lenovo
-CVE-2018-9073
- RESERVED
+CVE-2018-9073 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes ...)
+ TODO: check
CVE-2018-9072
RESERVED
-CVE-2018-9071
- RESERVED
+CVE-2018-9071 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows ...)
+ TODO: check
CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier than ...)
NOT-FOR-US: Lenovo
CVE-2018-9069 (In some Lenovo IdeaPad consumer notebook models, a race condition in ...)
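Review bot: CVE-2018-9073 and CVE-2018-9071 (Lenovo Chassis Management Module) are added as TODO: check, while the described Lenovo entries around them (CVE-2018-9075, CVE-2018-9074, CVE-2018-9070) are already NOT-FOR-US: Lenovo. Suggest resolving these two the same way in the triage pass, unless the full records point at software Debian ships.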
@@ -29898,16 +29924,16 @@ CVE-2018-7365
RESERVED
CVE-2018-7364
RESERVED
-CVE-2018-7363
- RESERVED
-CVE-2018-7362
- RESERVED
-CVE-2018-7361
- RESERVED
-CVE-2018-7360
- RESERVED
-CVE-2018-7359
- RESERVED
+CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
+ TODO: check
+CVE-2018-7362 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
+ TODO: check
+CVE-2018-7361 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
+ TODO: check
+CVE-2018-7360 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
+ TODO: check
+CVE-2018-7359 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
+ TODO: check
CVE-2018-7358 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, ...)
NOT-FOR-US: ZTE ZXHN H168N product
CVE-2018-7357 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, ...)
@@ -44245,8 +44271,8 @@ CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
NOT-FOR-US: IBM
CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2018-1797
- RESERVED
+CVE-2018-1797 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using ...)
+ TODO: check
CVE-2018-1796
RESERVED
CVE-2018-1795 (IBM Robotic Process Automation with Automation Anywhere Enterprise 10 ...)
@@ -44561,8 +44587,8 @@ CVE-2018-1641
RESERVED
CVE-2018-1640
RESERVED
-CVE-2018-1639
- RESERVED
+CVE-2018-1639 (The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 ...)
+ TODO: check
CVE-2018-1638 (IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two ...)
NOT-FOR-US: IBM
CVE-2018-1637
