Lucene search
Https://packages.altlinux.org/en/sisyphus/security/411FE2A2E2E3CBD0236934E46A51583EHistorySep 23, 2022 - 12:00 a.m.
Security fix for the ALT Linux 9 package glpi version 9.5.9-alt1
2022-09-2300:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
9
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.963 High
EPSS
Percentile
99.3%
9.5.9-alt1 built Sept. 23, 2022 Pavel Zilke in task #307140
Sept. 14, 2022 Pavel Zilke
- New version 9.5.9
- This release fixes several critical security issues that has been recently discovered. Update is strongly recommended!
- Security fixes:
+ CVE-2022-35945 : XSS through registration API
+ CVE-2022-31143 : Leak of sensitive information through login page error
+ CVE-2022-35914 : [critical] Command injection using a third-party library script
+ CVE-2022-35946 : SQL injection through plugin controller
+ CVE-2022-35947 : [critical] Authentication via SQL injection
+ CVE-2022-36112 : Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ALT Linux | 9 | src | glpi-9.5.12-alt1.src.rpm | < 9.5.9-alt1 | glpi-9.5.12-alt1.src.rpm |
| ALT Linux | 9 | noarch | glpi-9.5.12-alt1.noarch.rpm | < 9.5.9-alt1 | glpi-9.5.12-alt1.noarch.rpm |
| ALT Linux | 9 | noarch | glpi-apache2-9.5.12-alt1.noarch.rpm | < 9.5.9-alt1 | glpi-apache2-9.5.12-alt1.noarch.rpm |
| ALT Linux | 9 | noarch | glpi-php7-9.5.12-alt1.noarch.rpm | < 9.5.9-alt1 | glpi-php7-9.5.12-alt1.noarch.rpm |
Related
altlinux
altlinux
Security fix for the ALT Linux 10 package glpi version 9.5.9-alt1
2022-09-16 00:00:00
osv
osv
cve
cve
ubuntucve
ubuntucve
cvelist
cvelist
CVE-2022-36112 Blind Server-Side Request Forgery (SSRF) in GLPI
2022-09-14 17:45:18
CVE-2022-35946 SQL injection through plugin controller in GLPI
2022-09-14 17:55:09
prion
prion
Design/Logic Flaw
2022-09-14 18:15:00
Server side request forgery (ssrf)
2022-09-14 18:15:00
Code injection
2022-09-19 16:15:00
huntr
huntr
SSRF in feeds
2022-10-02 18:56:21
Blind SSRF on the RSS Feed
2022-07-18 23:16:15
attackerkb
attackerkb
CVE-2022-35914
2022-09-19 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-UP
2022-10-28 17:45:29
githubexploit
githubexploit
Exploit for Injection in Glpi-Project Glpi
2022-10-12 11:42:08
Exploit for Injection in Glpi-Project Glpi
2022-09-30 16:43:28
Exploit for Injection in Glpi-Project Glpi
2022-09-30 16:43:28
cisa_kev
cisa_kev
Teclib GLPI Remote Code Execution Vulnerability
2023-03-07 00:00:00
packetstorm
packetstorm
GLPI 10.0.2 Command Injection
2022-10-25 00:00:00
htmlLawed 1.2.5 Remote Command Execution
2024-05-02 00:00:00
zdt
zdt
htmlLawed 1.2.5 - Remote Code Execution Exploit
2024-05-19 00:00:00
GLPI 10.0.2 Command Injection Exploit
2022-10-25 00:00:00
checkpoint_advisories
checkpoint_advisories
GLPI Project Code Injection (CVE-2022-35914)
2022-11-06 00:00:00
nessus
nessus
HTMLawed < 1.2.9 Command Injection (CVE-2022-35914)
2023-01-11 00:00:00
nuclei
nuclei
GLPI <=10.0.2 - Remote Command Execution
2022-10-03 12:12:47
metasploit
metasploit
GLPI htmLawed php command injection
2022-10-19 19:33:33
exploitdb
exploitdb
htmlLawed 1.2.5 - Remote Code Execution (RCE)
2024-05-19 00:00:00
thn
thn
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.963 High
EPSS
Percentile
99.3%
Related for 411FE2A2E2E3CBD0236934E46A51583E