[Git][security-tracker-team/security-tracker][master] CVE-2018-15537/openinventory-server

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b053d175 by Bastien Roucariès at 2024-07-23T18:01:47+00:00
CVE-2018-15537/openinventory-server

According to bug report upstream fixed in openinventory-report component

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -425052,8 +425052,10 @@ CVE-2018-15539 (Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus,
 CVE-2018-15538 (Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities.)
 	NOT-FOR-US: Agentejo Cockpit
 CVE-2018-15537 (Unrestricted file upload (with remote code execution) in OCS Inventory ...)
-	- ocsinventory-server <unfixed> (unimportant)
+	- ocsinventory-server 2.8.1+dfsg1+~2.11.1-1 (unimportant)
 	NOTE: Authentication is needed, only supported in trusted environments, see debtags
+	NOTE: Bug https://github.com/OCSInventory-NG/OCSInventory-ocsreports/issues/1323
+	NOTE: fixed in oscinventory-report component version 2.10
 CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9 ...)
 	NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-15535 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b053d175b9295bc4803cace6a40cd2cf49c0ffba

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b053d175b9295bc4803cace6a40cd2cf49c0ffba
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240723/00e67492/attachment.htm>