
19 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-32476

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5 · EPSS 0.0077
Exploits 0 · References 3

Tenable Nessus
added 2025/09/03 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-28852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration...

CVSS 4.8 · AI score 5.3 · EPSS 0.0077
Exploits 0 · References 2

Tenable Nessus
added 2025/09/03 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-28632

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emai...

CVSS 8.1 · AI score 7.5 · EPSS 0.00322
Exploits 0 · References 2

Tenable Nessus
added 2025/09/02 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-28838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows...

CVSS 9.6 · AI score 7.9 · EPSS 0.00888
Exploits 0 · References 2

NVD
added 2023/04/05 6:15 p.m. · 11 views

CVE-2023-28636

GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7...

CVSS 4.8 · AI score 4.6 · EPSS 0.00997
Exploits 0 · References 3

NVD
added 2023/04/05 6:15 p.m. · 12 views

CVE-2023-28639

GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is...

CVSS 6.1 · AI score 5.8 · EPSS 0.02741
Exploits 0 · References 3

OSV
added 2023/04/05 6:15 p.m. · 0 views

UBUNTU-CVE-2023-28852

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versio...

CVSS 4.8 · AI score 5.9 · EPSS 0.0077
Exploits 0 · References 5

OSV
added 2023/04/05 6:15 p.m. · 1 views

UBUNTU-CVE-2023-28838

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server...

CVSS 9.6 · AI score 6 · EPSS 0.00888
Exploits 0 · References 5

OSV
added 2023/04/05 6:15 p.m. · 1 views

UBUNTU-CVE-2023-28636

GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7...

CVSS 4.8 · AI score 5.8 · EPSS 0.00997
Exploits 0 · References 5

Prion
added 2023/04/05 6:15 p.m. · 15 views

Design/Logic Flaw

GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7...

CVSS 4.3 · AI score 5.7 · EPSS 0.00997
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/04/05 5:39 p.m. · 13 views

CVE-2023-28838 GLPI vulnerable to SQL injection through dynamic reports

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server...

CVSS 9.6 · AI score 9.8 · EPSS 0.00888
Exploits 0 · References 3

CVE
added 2023/04/05 5:21 p.m. · 53 views

CVE-2023-28636

GLPI vulnerability CVE-2023-28636 affects GLPI versions before 9.5.13 and 10.0.7 (starting from version 0.60). An administrator can create a malicious external link due to the flaw, with fixes implemented in 9.5.13 and 10.0.7. Exploitation details are not described in the provided documents beyon...

CVSS 4.8 · AI score 4.5 · EPSS 0.00997
Exploits 0 · References 3 · Affected Software 1

Prion
added 2023/04/05 4:15 p.m. · 11 views

Server side request forgery (ssrf)

GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature...

CVSS 5.5 · AI score 6.5 · EPSS 0.00243
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2023/04/05 12:0 a.m. · 4 views

PT-2023-3264 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.85 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to insufficient user data sanitization on search pages, allowing an attacker to craft a malicious link that can exploit a reflected XSS wh...

CVSS 10 · AI score 6.2 · EPSS 0.94395
Exploits 39 · References 206

Positive Technologies
added 2023/04/05 12:0 a.m. · 4 views

PT-2023-3261 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.84 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to the usage of RSS feeds in GLPI, which is subject to server-side request forgery (SSRF). When the remote address is not a valid RSS feed, ...

CVSS 10 · AI score 6.7 · EPSS 0.94395
Exploits 39 · References 207

Positive Technologies
added 2023/04/05 12:0 a.m. · 3 views

PT-2023-3260 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.83 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to incorrect privilege management in GLPI, allowing an authenticated user to modify emails of any other user, including the administrator'...

CVSS 10 · AI score 6.1 · EPSS 0.94395
Exploits 39 · References 207

Tenable Nessus
added 2018/07/09 12:0 a.m. · 39 views

openSUSE Security Update : postgresql95 (openSUSE-2018-696)

This update for postgresql95 fixes the following issues : - Update to PostgreSQL 9.5.13 : - https://www.postgresql.org/docs/9.5/static/release-9-5-13.html A dump/restore is not required for those running 9.5.X. However, if the function marking mistakes mentioned belowpglogfilerotate affect you, y...

CVSS 9.1 · AI score 6.8 · EPSS 0.00593
Exploits 0 · References 3

OpenVAS
added 2018/07/06 12:0 a.m. · 27 views

openSUSE: Security Advisory for postgresql95 (openSUSE-SU-2018:1900-1)

The remote host is missing an update for the...

CVSS 9.1 · AI score 8 · EPSS 0.00593
Exploits 0 · References 3

OpenVAS
added 2018/05/11 12:0 a.m. · 43 views

PostgreSQL logrotate Vulnerability (May 2018) - Windows

PostgreSQL is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate function doesn...

CVSS 9.1 · AI score 6.8 · EPSS 0.00593
Exploits 0 · References 1