[Secure-testing-commits] r58907 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Dec 25 08:32:05 UTC 2017
Author: carnil
Date: 2017-12-25 08:32:05 +0000 (Mon, 25 Dec 2017)
New Revision: 58907
Modified:
data/CVE/list
Log:
Add four new dolibarr issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-24 21:10:13 UTC (rev 58906)
+++ data/CVE/list 2017-12-25 08:32:05 UTC (rev 58907)
@@ -1,13 +1,18 @@
CVE-2017-17901
RESERVED
CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...)
- TODO: check
+ - dolibarr <unfixed>
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17899 (SQL injection vulnerability in adherents/subscription/info.php in ...)
- TODO: check
+ - dolibarr <unfixed>
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17898 (Dolibarr ERP/CRM version 6.0.4 does not block direct requests to ...)
- TODO: check
+ - dolibarr <unfixed>
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c
CVE-2017-17897 (SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM ...)
- TODO: check
+ - dolibarr <unfixed>
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17896 (Readymade Job Site Script has XSS via the keyword parameter to the /job ...)
TODO: check
CVE-2017-17895 (Readymade Job Site Script has SQL Injection via the location_name array ...)
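Review bot: The NOTE lines added under CVE-2017-17900, CVE-2017-17899, CVE-2017-17898 and CVE-2017-17897 are bare commit URLs, so a reader cannot tell whether 4a5988accbb770b74105baacd5a034689272128c is the upstream fix or only related, while each entry is still marked `- dolibarr <unfixed>`. Consider labelling each reference with what it is (for example "NOTE: Fixed by: <url>" if that is what is meant), which makes it easier to replace `<unfixed>` with a version later. The three SQL injection entries name different files (fourn/index.php, adherents/subscription/info.php, comm/multiprix.php) but cite the same single commit, so it is worth confirming that the commit touches all three. For CVE-2017-17898, which lists a second commit (6a62e139604dbbd5729e57df2433b37a5950c35c), say which part of the direct-request issue each commit addresses.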