[Git][security-tracker-team/security-tracker][master] Add CVE-2018-15537/ocsinventory-server

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
849847eb by Salvatore Bonaccorso at 2018-12-01T21:25:47Z
Add CVE-2018-15537/ocsinventory-server

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13664,7 +13664,8 @@ CVE-2018-15539 (Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus,
 CVE-2018-15538 (Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. ...)
 	NOT-FOR-US: Agentejo Cockpit
 CVE-2018-15537 (Unrestricted file upload (with remote code execution) in OCS Inventory ...)
-	TODO: check
+	- ocsinventory-server <unfixed> (unimportant)
+	NOTE: Authentication is needed, only supported in trusted environments, see debtags
 CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before ...)
 	NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-15535 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/849847ebd1d4f91b849efe6db3c463ecbc9c5ce8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/849847ebd1d4f91b849efe6db3c463ecbc9c5ce8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181201/8febae00/attachment.html>