Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 148 results


CVE-2024-37149

Medium priority
Needs evaluation

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the...

1 affected packages

glpi

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glpi Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-37148

Medium priority
Needs evaluation

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX...

1 affected packages

glpi

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glpi Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-37147

Medium priority
Needs evaluation

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no...

1 affected packages

glpi

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glpi Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-28241

Medium priority
Needs evaluation

The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive...

1 affected packages

glpi

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glpi Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-28240

Medium priority
Needs evaluation

The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong...

1 affected packages

glpi

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glpi Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-27914

Medium priority
Needs evaluation

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to...

1 affected packages

glpi

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glpi Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-27104

Medium priority
Needs evaluation

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing...

1 affected packages

glpi

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glpi Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-27098

Medium priority
Needs evaluation

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary...

1 affected packages

glpi

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glpi Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-27096

Medium priority
Needs evaluation

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to...

1 affected packages

glpi

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glpi Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-27937

Medium priority
Needs evaluation

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been...

1 affected packages

glpi

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
glpi Not in release Not in release Not in release Needs evaluation
Show less packages