6 matches found
Eclipse Jetty 安全漏洞
Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty that originates from an invalid HTTP/2 request that could result in a denial of service and affects the following products and versions:...
Teclib GLPI Cross-Site Scripting Vulnerability (CNVD-2020-32422)
Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A cross-site scripting vulnerability exists in Knowledge base in Teclib GLPI...
Teclib GLPI SQL Injection Vulnerability
Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A SQL injection vulnerability exists in Teclib GLPI versions prior to 9.4.6...
UBUNTU-CVE-2020-11034
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6...
UBUNTU-CVE-2020-11036
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "alert1" reproduces the attack. This can be exploited by a user with administrator privileges i...
UBUNTU-CVE-2020-11032
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6...