28 matches found
Astra Linux – Vulnerability in Jetty9
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary file whose name contains...
Linux Distros Unpatched Vulnerability : CVE-2024-37148
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An...
Linux Distros Unpatched Vulnerability : CVE-2024-38370
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without...
Linux Distros Unpatched Vulnerability : CVE-2024-37147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An...
Linux Distros Unpatched Vulnerability : CVE-2024-37149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An...
UBUNTU-CVE-2024-48912
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue...
GLPI 访问控制错误漏洞
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
CVE-2024-38370 GLPI allows API document download without rights
GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16...
GLPI 授权问题漏洞
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...
PT-2024-8175 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.3.0 through 10.0.16 Description: The issue is related to incorrect access control in the GLPI system, which can be exploited by a remote attacker to gain unauthorized access to an account through the API. An authenticated user...
PT-2024-7682 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 10.0.16 Description: The issue is related to incorrect session management in the GLPI system, which can allow a remote attacker to gain full access to the application by intercepting a session. An unauthenticated...
PT-2024-10159 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16 Description: GLPI is a free asset and IT management software package. The issue is related to incorrect access control, allowing an authenticated user to use an application endpoint to delete any user accoun...
UBUNTU-CVE-2024-37148
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrad...
UBUNTU-CVE-2024-37149
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...
UBUNTU-CVE-2024-37147
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...
PT-2024-5859 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16 Description: The issue is related to the GLPI system, which is an open-source asset and IT management software package providing ITIL Service Desk features, licenses tracking, and software auditing. An...
PT-2024-5861 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16 Description: The issue is related to incorrect access control in the GLPI system, which provides ITIL Service Desk features, licenses tracking, and software auditing. An authenticated user can attach a document ...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.16 Changelog SECURITY - high Account takeover via SQL Injection in AJAX scripts CVE-2024-37148 SECURITY - high Remote code execution through the plugin loader CVE-2024-37149 SECURITY - moderate Authenticated file upload to restricted tickets CVE-2024-37147...
Medium: jetty
Issue Overview: Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space...
Eclipse Jetty HTTP/2 HPACK DoS Vulnerability (GHSA-wgh7-54f2-x98r) - Linux
Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...