
20 matches found

Tenable Nessus
added 2025/09/03 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-31456

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This...

7.7 CVSS · 5.8 AI score · 0.23956 EPSS
Exploits 0 · References 2

OSV
added 2025/01/23 1:54 p.m. · 6 views

CVE-2024-57947 netfilter: nf_set_pipapo: fix initial map fill

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill. The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result a...

5.5 CVSS · 6.2 AI score · 0.00017 EPSS
Exploits 0 · References 9

NVD
added 2024/05/07 2:15 p.m. · 13 views

CVE-2024-31456

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...

7.7 CVSS · 7.6 AI score · 0.23956 EPSS
Exploits 0 · References 2

OSV
added 2024/05/07 2:15 p.m. · 0 views

UBUNTU-CVE-2024-31456

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...

7.7 CVSS · 5.8 AI score · 0.23956 EPSS
Exploits 0 · References 4

CVE
added 2024/05/07 2:7 p.m. · 83 views

CVE-2024-31456

GLPI before version 10.0.15 is vulnerable to an authenticated SQL injection via the map search function. The root cause is improper handling of SQL queries in the map search feature, allowing disclosure of protected information. The issue is fixed in GLPI 10.0.15. Mitigation: upgrade to 10.0.15 o...

7.7 CVSS · 7.3 AI score · 0.23956 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/05/07 2:7 p.m. · 15 views

CVE-2024-31456 GLPI contains an authenticated SQL injection

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15...

7.7 CVSS · 7.4 AI score · 0.23956 EPSS
Exploits 0 · References 2

OSV
added 2024/05/03 3:16 a.m. · 1 views

CVE-2023-44450

NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to explo...

8.8 CVSS · 6.3 AI score
Exploits 0 · References 2

OSV
added 2024/05/03 2:15 a.m. · 1 views

CVE-2023-38099

NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required...

8.8 CVSS · 6.3 AI score · 0.00837 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2024/05/03 2:15 a.m. · 1 views

CVE-2023-38099

NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required...

8.8 CVSS · 8 AI score · 0.00837 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-3701 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.15. Description: The issue concerns a SQL injection vulnerability that can be exploited by an authenticated user through the map search function. This vulnerability allows a remote attacker to disclose protected...

10 CVSS · 7.4 AI score · 0.94395 EPSS
Exploits 26 · References 161

FreeBSD
added 2024/04/03 12:0 a.m. · 35 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.15 Changelog: [SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456); [SECURITY - high] Account takeover via SQL Injection in saved searches feature (CVE-2024-29889)...

8.1 CVSS · 9 AI score · 0.68891 EPSS
Exploits 0 · References 1

OSV
added 2023/02/14 6:15 p.m. · 1 views

CVE-2023-22939

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with...

8.8 CVSS · 7.3 AI score
Exploits 0 · References 2

Positive Technologies
added 2023/02/08 12:0 a.m. · 2 views

PT-2023-3794 · NetGear · Netgear Prosafe Network Management System

Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue,...

9 CVSS · 8.3 AI score · 0.00837 EPSS
Exploits 0 · References 7

NVD
added 2014/07/20 11:12 a.m. · 16 views

CVE-2014-1995

Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5 CVSS · 5.3 AI score · 0.00209 EPSS
Exploits 0 · References 3

Prion
added 2014/07/20 11:12 a.m. · 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5 CVSS · 5.6 AI score · 0.00209 EPSS
Exploits 0 · References 3 · Affected Software 1

ATTACKERKB
added 2014/07/20 11:12 a.m. · 1 views

CVE-2014-1995

Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5 CVSS · 5.7 AI score · 0.00209 EPSS
Exploits 0 · References 4

Cvelist
added 2014/07/20 10:0 a.m. · 18 views

CVE-2014-1995

Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

5.3 AI score · 0.00209 EPSS
Exploits 0 · References 3

CVE
added 2014/07/20 10:0 a.m. · 52 views

CVE-2014-1995

CVE-2014-1995 is a reported XSS in Cybozu Garoon’s Map search. Affected: Cybozu Garoon 2.x–3.x (up to 3.7 SP3 per JVN) with vulnerability in the Map search function that may allow remote authenticated users to inject arbitrary script via unspecified vectors (CWE-79). Impact: arbitrary script exec...

3.5 CVSS · 5.4 AI score · 0.00209 EPSS
Exploits 0 · References 3 · Affected Software 1

Japan Vulnerability Notes
added 2014/07/15 5:45 a.m. · 1 views

Cybozu Garoon vulnerable to cross-site scripting

Overview: Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of a user that is logged on. Solution: Update...

3.5 CVSS · 6 AI score · 0.00209 EPSS
Exploits 0 · References 5

Japan Vulnerability Notes
added 2014/07/15 12:0 a.m. · 27 views

JVN#97558950: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of a user that is logged on. Solution: Update the...

3.5 CVSS · 5.8 AI score · 0.00209 EPSS
Exploits 0