Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b053d175 by Bastien Roucariès at 2024-07-23T18:01:47+00:00
CVE-2018-15537/openinventory-server
According to bug report upstream fixed in openinventory-report component
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -425052,8 +425052,10 @@ CVE-2018-15539 (Agentejo Cockpit lacks an anti-CSRF
protection mechanism. Thus,
CVE-2018-15538 (Agentejo Cockpit has multiple Cross-Site Scripting
vulnerabilities.)
NOT-FOR-US: Agentejo Cockpit
CVE-2018-15537 (Unrestricted file upload (with remote code execution) in OCS
Inventory ...)
- - ocsinventory-server <unfixed> (unimportant)
+ - ocsinventory-server 2.8.1+dfsg1+~2.11.1-1 (unimportant)
NOTE: Authentication is needed, only supported in trusted environments,
see debtags
+ NOTE: Bug
https://github.com/OCSInventory-NG/OCSInventory-ocsreports/issues/1323
+ NOTE: fixed in oscinventory-report component version 2.10
CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager
before 9 ...)
NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-15535 (/filemanager/ajax_calls.php in tecrail Responsive FileManager
before 9 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b053d175b9295bc4803cace6a40cd2cf49c0ffba
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b053d175b9295bc4803cace6a40cd2cf49c0ffba
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
