12 matches found
GLPI 访问控制错误漏洞
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
GLPI 授权问题漏洞
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and i...
PT-2024-10159 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.80 through 10.0.16 Description: GLPI is a free asset and IT management software package. The issue is related to incorrect access control, allowing an authenticated user to use an application endpoint to delete any user accoun...
UBUNTU-CVE-2024-37148
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrad...
PT-2024-5859 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16 Description: The issue is related to the GLPI system, which is an open-source asset and IT management software package providing ITIL Service Desk features, licenses tracking, and software auditing. An...
Eclipse Jetty HTTP/2 HPACK DoS Vulnerability (GHSA-wgh7-54f2-x98r) - Linux
Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...
SUSE CVE-2023-36479
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...
Eclipse Jetty CgiServlet Vulnerability (GHSA-3gh6-v5v9-6v9j) - Linux
Eclipse Jetty is prone to a vulnerability in the CgiServlet. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...
CVE-2023-40167 Jetty accepts "+" prefixed value in Content-Length
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests...
CVE-2023-36479
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...
PT-2023-9272 · Eclipse +4 · Eclipse Jetty +4
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions prior to 9.4.52 Eclipse Jetty versions prior to 10.0.16 Eclipse Jetty versions prior to 11.0.16 Eclipse Jetty versions prior to 12.0.0-beta2 Description: The issue is related to the formation of a command line that...
SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2015:0743-1)
mariadb was updated to version 10.0.16 to fix 40 security issues. These security issues were fixed : - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allowed remote attackers to affect confidentiality, integrity, and availability via...