2314 matches found
UBUNTU-CVE-2022-31082
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks...
Malicious Package
Overview consideration-deploy-bot is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
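The entry above describes dependency confusion: an attacker publishes a public package under a name that only exists on an organisation's private registry, and a resolver that consults the public registry for unscoped or unpinned names pulls in the attacker's copy. The check below is an added example, not code from the page or from any registry operator. It parses a constructed package.json and .npmrc for a fictional organisation "acme" (the scope, registry URL and internal package list are assumptions) and flags two conditions: unscoped dependencies whose names belong to internal packages, and internal-scope dependencies when .npmrc does not pin that scope to the private registry.

```python
import json

# Constructed sample inputs for a fictional organisation "acme" (assumptions, not from the page).
# The internal registry serves the "@acme/" scope plus a few legacy unscoped names.
SAMPLE_PACKAGE_JSON = """{
  "name": "acme-web",
  "dependencies": {
    "express": "^4.18.2",
    "@acme/auth-client": "^2.1.0",
    "acme-deploy-bot": "^1.0.0",
    "consideration-deploy-bot": "1.0.3"
  },
  "devDependencies": {
    "acme-lint-rules": "^3.0.0"
  }
}"""

# .npmrc that maps the org scope to the private registry (constructed).
SAMPLE_NPMRC = "@acme:registry=https://npm.internal.example/\nalways-auth=true\n"

# Names that exist only on the internal registry (assumption for the example). Listing
# consideration-deploy-bot here models an internal project whose name the public package copied.
INTERNAL_UNSCOPED = {"acme-deploy-bot", "acme-lint-rules", "consideration-deploy-bot"}
INTERNAL_SCOPE = "@acme"

DEP_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")


def parse_npmrc(text):
    """Return {scope: registry_url} for every '@scope:registry=' line in an .npmrc."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("@") and ":registry=" in line:
            scope, url = line.split(":registry=", 1)
            mapping[scope] = url.strip()
    return mapping


def find_confusable(package_json, npmrc, internal_unscoped, internal_scope):
    """Flag dependencies that a public-registry lookup could hijack.

    Returns a list of (section, name, reason) tuples:
      - unscoped names that are internal packages: any public package with the
        same name can win the resolution (dependency confusion);
      - internal-scope names when .npmrc has no registry mapping for that scope:
        the scope is not pinned, so the public registry is consulted.
    """
    data = json.loads(package_json)
    scope_map = parse_npmrc(npmrc)
    findings = []
    for section in DEP_SECTIONS:
        for name in data.get(section, {}):
            if name.startswith("@"):
                scope = name.split("/", 1)[0]
                if scope == internal_scope and scope not in scope_map:
                    findings.append((section, name, "internal scope not pinned to private registry"))
            elif name in internal_unscoped:
                findings.append((section, name, "unscoped internal name resolvable from public registry"))
    return findings


def confusable_names(package_json=SAMPLE_PACKAGE_JSON, npmrc=SAMPLE_NPMRC):
    """Convenience wrapper returning just the flagged package names, in manifest order."""
    return [name for _, name, _ in
            find_confusable(package_json, npmrc, INTERNAL_UNSCOPED, INTERNAL_SCOPE)]


if __name__ == "__main__":
    for section, name, reason in find_confusable(SAMPLE_PACKAGE_JSON, SAMPLE_NPMRC,
                                                 INTERNAL_UNSCOPED, INTERNAL_SCOPE):
        print(f"{section}: {name}: {reason}")
```

With the sample inputs the three unscoped internal names are flagged while `@acme/auth-client` passes because its scope is pinned; dropping the `@acme:registry=` line from .npmrc makes the scoped package show up as well. The durable fix is to move internal packages under a scope that is pinned to the private registry and to register placeholder names publicly for anything that must stay unscoped.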
MalSCCM - Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications
This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To use this tool your current process must have admin rights over the SCCM server. Typically deployments of SCCM will either have the management server and the primary server on the...
CVE-2022-32159
openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS...
CVE-2022-23081
openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS...
Malicious code in consideration-deploy-bot (npm)
Source: ghsa-malware 6867f1ce691162d9df224e8f271a80e438a849bf446f5b16c3e05cbec738a830. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2022-15837 · Unknown · Openlibrary
Name of the Vulnerable Software and Affected Versions: openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 Description: The issue is related to Reflected XSS. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...
Security feature bypass
Impact A plugin public script can be used to read content of system files. Patches Upgrade to version 1.0.2. Workarounds b/deploy/index.php file can be deleted if deploy feature is not used...
MAL-2022-1200 Malicious code in aws-ms-deploy-assistant (npm)
Source: ghsa-malware fe7c48a4ab3024ab51cf5a3b5bccdd0daa9bd6b87983ef3dd8137c3f697a0993. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-31062 Unauthenticated Local File Inclusion
Impact A plugin public script can be used to read content of system files. Patches Upgrade to version 1.0.2. Workarounds b/deploy/index.php file can be deleted if deploy feature is not used...
PT-2022-20499 · Plugin · Plugin
Name of the Vulnerable Software and Affected Versions: Plugin versions prior to 1.0.2 Description: A plugin public script can be used to read the content of system files. Recommendations: For versions prior to 1.0.2, upgrade to version 1.0.2. As a temporary workaround, consider deleting the...
CVE-2022-31062
GLPI Inventory Plugin for GLPI is affected by an unauthenticated Local File Inclusion vulnerability in versions before 1.0.2. A public script in the plugin can be used to read system files (root cause: public file/script exposed under b/deploy/index.php path). Impact is reading contents of system...
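The CVE-2022-31062 entries above describe a public script that can be made to read system files. The page does not show the plugin's code or its patch, so the block below is an added, generic illustration of the bug class rather than the plugin's implementation: a file-serving helper that joins a request-controlled name onto a base directory without normalisation, beside a hardened version that resolves the path (following symlinks) and refuses anything that does not stay strictly inside the served directory. The directory layout and file contents are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path


def read_file_vulnerable(base_dir, requested):
    """Deliberately vulnerable illustration: the request-controlled name is joined onto
    the base directory without normalisation, so '../' sequences (or an absolute path,
    which os.path.join lets replace base_dir entirely) read arbitrary files."""
    with open(os.path.join(base_dir, requested), "rb") as fh:
        return fh.read()


def read_file_hardened(base_dir, requested):
    """Resolve the candidate path (following symlinks) and refuse anything that does not
    stay strictly inside base_dir. relative_to() raises ValueError when target is not
    under base, which covers '../', absolute paths and symlinks pointing outside."""
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise PermissionError(f"path escapes {base}: {requested!r}")
    if target == base or not target.is_file():
        raise FileNotFoundError(requested)
    return target.read_bytes()


def demo():
    """Build a throwaway tree: <root>/public/manifest.txt is served, <root>/secret.txt is not.
    Returns (vulnerable_leaked, hardened_ok) so the behaviour can be asserted."""
    with tempfile.TemporaryDirectory() as root:
        public = Path(root) / "public"
        public.mkdir()
        (public / "manifest.txt").write_bytes(b"version=1.0.2\n")
        (Path(root) / "secret.txt").write_bytes(b"db_password=hunter2\n")

        # Traversal succeeds against the naive join.
        leaked = read_file_vulnerable(public, "../secret.txt") == b"db_password=hunter2\n"

        # The same request is rejected by the hardened version.
        try:
            read_file_hardened(public, "../secret.txt")
            blocked = False
        except PermissionError:
            blocked = True

        # The legitimate file must still be served by the hardened version.
        served = read_file_hardened(public, "manifest.txt") == b"version=1.0.2\n"
        return leaked, blocked and served


if __name__ == "__main__":
    print(demo())
```

A prefix check on the unresolved string (for example `path.startswith(base_dir)`) is not equivalent: it passes `base/../secret.txt` and `base_dir_other/`, and it does nothing about symlinks. Resolving first and then checking containment is the form that holds up.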
CVE-2022-1936
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP...
CVE-2022-1936
CVE-2022-1936 is an incorrect-authorization vulnerability in GitLab EE: an attacker holding a valid Project Deploy Token could use it from any location despite IP allowlisting. Affected versions: GitLab 12.0 before 14.9.5; 14.10 before 14.10.4; 15.0 before 15.0.1. Root cause is improper a...
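The CVE-2022-1936 entries describe an authorization check (a project IP allowlist) that a deploy token escaped. The page does not show GitLab's code and its root-cause sentence is cut off, so the block below is an added illustration of the bug class, not GitLab's implementation: an authorizer that applies the allowlist only on the interactive-credential path, beside one that applies it to every credential type. The `Credential` and `Project` types, the project id and the CIDR ranges are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    kind: str          # "session", "personal_access_token" or "deploy_token" (hypothetical)
    project_id: int


@dataclass
class Project:
    id: int
    ip_allowlist: tuple = ()   # CIDR strings; an empty tuple means no IP restriction


def ip_in_allowlist(project, client_ip):
    """True when the project has no allowlist or client_ip falls inside one of its CIDRs."""
    if not project.ip_allowlist:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(cidr, strict=False) for cidr in project.ip_allowlist)


def authorize_flawed(project, cred, client_ip):
    """Flawed pattern: the IP restriction lives on the interactive credential path only,
    so a deploy token presented from anywhere is accepted. Models the bug class; this is
    not GitLab's code."""
    if cred.project_id != project.id:
        return False
    if cred.kind == "deploy_token":
        return True                      # allowlist never consulted for this credential type
    return ip_in_allowlist(project, client_ip)


def authorize_fixed(project, cred, client_ip):
    """Every credential type goes through the same allowlist check before access is granted."""
    if cred.project_id != project.id:
        return False
    return ip_in_allowlist(project, client_ip)


def compare(project, cred, client_ip):
    """Return (flawed_decision, fixed_decision) for one request, to show where they diverge."""
    return authorize_flawed(project, cred, client_ip), authorize_fixed(project, cred, client_ip)


# Constructed scenario: project 42 only allows the corporate range 10.0.0.0/8.
PROJECT = Project(id=42, ip_allowlist=("10.0.0.0/8",))
DEPLOY_TOKEN = Credential(kind="deploy_token", project_id=42)


if __name__ == "__main__":
    for ip in ("10.1.2.3", "203.0.113.7"):
        print(ip, compare(PROJECT, DEPLOY_TOKEN, ip))
```

The two decisions agree for in-range clients and differ only for a deploy token presented from outside the allowlist, which is the condition the advisory describes. When reviewing similar code, the question to ask is whether every credential type reaches the same restriction check, or whether one type is trusted on a side path.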