Search CVE reports
1 – 10 of 148 results
CVE-2024-37149
Medium priorityGLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the...
1 affected packages
glpi
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glpi | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-37148
Medium priorityGLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX...
1 affected packages
glpi
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glpi | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-37147
Medium priorityGLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no...
1 affected packages
glpi
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glpi | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-28241
Medium priorityThe GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive...
1 affected packages
glpi
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glpi | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-28240
Medium priorityThe GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong...
1 affected packages
glpi
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glpi | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-27914
Medium priorityGLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to...
1 affected packages
glpi
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glpi | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-27104
Medium priorityGLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing...
1 affected packages
glpi
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glpi | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-27098
Medium priorityGLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary...
1 affected packages
glpi
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glpi | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-27096
Medium priorityGLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to...
1 affected packages
glpi
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glpi | Not in release | Not in release | Not in release | — | Needs evaluation |
CVE-2024-27937
Medium priorityGLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been...
1 affected packages
glpi
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glpi | Not in release | Not in release | Not in release | — | Needs evaluation |