
16 matches found

EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2024-29339

Malicious code in bioql PyPI...

7.7 CVSS · 7.4 AI score · 0.23956 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/09/03 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-31456

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This...

7.7 CVSS · 5.8 AI score · 0.23956 EPSS
Exploits 0 · References 2

OSV
added 2024/05/07 2:15 p.m. · 0 views

UBUNTU-CVE-2024-29889

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user's account data and take control of it. This vulnerability is fixed in 10.0.15...

8.1 CVSS · 5.9 AI score · 0.6646 EPSS
Exploits 0 · References 4

CVE
added 2024/05/07 2:07 p.m. · 88 views

CVE-2024-31456

GLPI before version 10.0.15 is vulnerable to an authenticated SQL injection via the map search function. The root cause is improper handling of SQL queries in the map search feature, allowing disclosure of protected information. The issue is fixed in GLPI 10.0.15. Mitigation: upgrade to 10.0.15 o...

7.7 CVSS · 7.3 AI score · 0.23956 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/05/07 2:07 p.m. · 17 views

CVE-2024-31456 GLPI contains an authenticated SQL injection

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...

7.7 CVSS · 7.5 AI score · 0.23956 EPSS
Exploits 0 · References 4

Cvelist
added 2024/05/07 2:07 p.m. · 17 views

CVE-2024-31456 GLPI contains an authenticated SQL injection

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...

7.7 CVSS · 7.8 AI score · 0.23956 EPSS
Exploits 0 · References 2

CNNVD
added 2024/05/07 12:00 a.m. · 2 views

GLPI Security Vulnerability

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...

7.7 CVSS · 6.8 AI score · 0.23956 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/05/02 12:00 a.m. · 5 views

PT-2024-3701 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.15 Description: The issue concerns a SQL injection vulnerability that can be exploited by an authenticated user through the map search function. This vulnerability allows a remote attacker to disclose protected...

10 CVSS · 7.4 AI score · 0.94395 EPSS
Exploits 27 · References 161

OSV
added 2023/10/28 6:19 a.m. · 46 views

BIT-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

7.5 CVSS · 7.1 AI score · 0.01866 EPSS
Exploits 1 · References 6 · Affected Software 1

OpenVAS
added 2023/10/12 12:00 a.m. · 33 views

Eclipse Jetty HTTP/2 HPACK DoS Vulnerability (GHSA-wgh7-54f2-x98r) - Linux

Eclipse Jetty is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

7.5 CVSS · 7.5 AI score · 0.01866 EPSS
Exploits 1 · References 2

vulnersOsv
added 2023/10/10 9:16 p.m. · 1 views

org.eclipse.jetty.documentation:jetty-documentation (>=10.0.10 <=10.0.15), org.eclipse.jetty.http3:http3-client (>=10.0.10 <=10.0.15) +6 more potentially affected by CVE-2023-36478 via org.eclipse.jetty.http3:http3-qpack (>=10.0.10 <=10.0.15)

org.eclipse.jetty.http3:http3-qpack MAVEN version =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =5.26.1, =5.27.0 Source cves: CVE-2023-36478 Source advisory: OSV:GHSA-WGH7-54F2-X98R...

7.5 CVSS · 6.7 AI score · 0.01866 EPSS
Exploits 1

OSV
added 2023/10/10 4:53 p.m. · 49 views

CVE-2023-36478 HTTP/2 HPACK integer overflow and buffer allocation

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

7.5 CVSS · 6.7 AI score · 0.01866 EPSS
Exploits 1 · References 12

OpenVAS
added 2023/09/19 12:00 a.m. · 26 views

Eclipse Jetty OpenID Vulnerability (GHSA-pwh8-58vv-vw48) - Linux

Eclipse Jetty is prone to a vulnerability in OpenIdAuthenticator. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

4.3 CVSS · 4.9 AI score · 0.00141 EPSS
Exploits 1 · References 1

OpenVAS
added 2023/09/19 12:00 a.m. · 35 views

Eclipse Jetty CgiServlet Vulnerability (GHSA-3gh6-v5v9-6v9j) - Windows

Eclipse Jetty is prone to a vulnerability in the CgiServlet. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

3.5 CVSS · 5.9 AI score · 0.01383 EPSS
Exploits 1 · References 1

OSV
added 2023/04/18 10:19 p.m. · 1 views

GHSA-P26G-97M4-6Q7C Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies

Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " (double quote), it will continue to read the cookie string unti...

2.4 CVSS · 7.1 AI score · 0.00403 EPSS
Exploits 0 · References 11

Tenable Nessus
added 2019/09/26 12:00 a.m. · 39 views

MariaDB 10.0.0 < 10.0.15 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.0.15. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.15 advisory. - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect...

7.5 CVSS · 6.6 AI score · 0.0226 EPSS
Exploits 0 · References 10