
28 matches found

AstraLinux
added 2026/06/19 11:10 a.m. · 7 views

Astra Linux – Vulnerability in Jetty9

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary file whose name contains...

CVSS 3.5 · AI score 6.2 · EPSS 0.01006
Exploits: 1 · References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-37148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An...

CVSS 8.1 · AI score 5.9 · EPSS 0.20229
Exploits: 0 · References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-38370

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without...

CVSS 7.5 · AI score 5.5 · EPSS 0.00351
Exploits: 0 · References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-37147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An...

CVSS 4.3 · AI score 5.5 · EPSS 0.00685
Exploits: 1 · References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-37149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An...

CVSS 8.8 · AI score 5.7 · EPSS 0.21078
Exploits: 0 · References: 2

OSV
added 2024/12/11 5:15 p.m. · 4 views

UBUNTU-CVE-2024-48912

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue...

CVSS 8.1 · AI score 5.8 · EPSS 0.00417
Exploits: 0 · References: 4

CNNVD
added 2024/12/11 12:0 a.m. · 4 views

GLPI access control error vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 8.8 · AI score 4.6 · EPSS 0.00457
Exploits: 0 · References: 2

Vulnrichment
added 2024/11/15 9:12 p.m. · 11 views

CVE-2024-38370 GLPI allows API document download without rights

GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16...

CVSS 5.3 · AI score 7.1 · EPSS 0.00351
Exploits: 0 · References: 1

CNNVD
added 2024/11/15 12:0 a.m. · 5 views

GLPI authorization issue vulnerability

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...

CVSS 7.5 · AI score 6.5 · EPSS 0.00351
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/06 12:0 a.m. · 7 views

PT-2024-8175 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.3.0 through 10.0.16 Description: The issue is related to incorrect access control in the GLPI system, which can be exploited by a remote attacker to gain unauthorized access to an account through the API. An authenticated user...

CVSS 10 · AI score 7.5 · EPSS 0.86182
Exploits: 9 · References: 80

Positive Technologies
added 2024/11/06 12:0 a.m. · 5 views

PT-2024-7682 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 10.0.16 Description: The issue is related to incorrect session management in the GLPI system, which can allow a remote attacker to gain full access to the application by intercepting a session. An unauthenticated...

CVSS 9.8 · AI score 9.6 · EPSS 0.86182
Exploits: 9 · References: 79

Positive Technologies
added 2024/10/10 12:0 a.m. · 4 views

PT-2024-10159 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16 Description: GLPI is a free asset and IT management software package. The issue is related to incorrect access control, allowing an authenticated user to use an application endpoint to delete any user accoun...

CVSS 9.8 · AI score 7 · EPSS 0.86182
Exploits: 9 · References: 76

OSV
added 2024/07/10 8:15 p.m. · 1 view

UBUNTU-CVE-2024-37148

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrad...

CVSS 8.1 · AI score 5.9 · EPSS 0.20229
Exploits: 0 · References: 3

OSV
added 2024/07/10 8:15 p.m. · 3 views

UBUNTU-CVE-2024-37149

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVSS 8.8 · AI score 5.9 · EPSS 0.21078
Exploits: 0 · References: 3

OSV
added 2024/07/10 7:15 p.m. · 2 views

UBUNTU-CVE-2024-37147

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...

CVSS 4.3 · AI score 5.8 · EPSS 0.00685
Exploits: 1 · References: 3

Positive Technologies
added 2024/07/10 12:0 a.m. · 5 views

PT-2024-5859 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16 Description: The issue is related to the GLPI system, which is an open-source asset and IT management software package providing ITIL Service Desk features, licenses tracking, and software auditing. An...

CVSS 8.8 · AI score 6.1 · EPSS 0.21078
Exploits: 1 · References: 25

Positive Technologies
added 2024/07/10 12:0 a.m. · 6 views

PT-2024-5861 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16 Description: The issue is related to incorrect access control in the GLPI system, which provides ITIL Service Desk features, licenses tracking, and software auditing. An authenticated user can attach a document ...

CVSS 8.8 · AI score 5.8 · EPSS 0.21078
Exploits: 1 · References: 25

FreeBSD
added 2024/06/03 12:0 a.m. · 30 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.16 Changelog SECURITY - high Account takeover via SQL Injection in AJAX scripts CVE-2024-37148 SECURITY - high Remote code execution through the plugin loader CVE-2024-37149 SECURITY - moderate Authenticated file upload to restricted tickets CVE-2024-37147...

CVSS 8.8 · AI score 9 · EPSS 0.21078
Exploits: 1 · References: 4

Amazon
added 2024/01/09 12:0 a.m. · 3 views

Medium: jetty

Issue Overview: Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space...

CVSS 3.5 · AI score 7 · EPSS 0.01006
Exploits: 1

OpenVAS
added 2023/10/12 12:0 a.m. · 35 views

Eclipse Jetty HTTP/2 HPACK DoS Vulnerability (GHSA-wgh7-54f2-x98r) - Linux

Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

CVSS 7.5 · AI score 7.5 · EPSS 0.03754
Exploits: 1 · References: 2