CVE-2023-35939
- EPSS 0.58%
- Veröffentlicht 05.07.2023 21:15:09
- Zuletzt bearbeitet 21.11.2024 08:09:01
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to intera...
CVE-2023-35940
- EPSS 0.66%
- Veröffentlicht 05.07.2023 21:15:09
- Zuletzt bearbeitet 21.11.2024 08:09:01
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch f...
CVE-2023-34107
- EPSS 0.57%
- Veröffentlicht 05.07.2023 20:15:10
- Zuletzt bearbeitet 21.11.2024 08:06:33
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. ...
CVE-2023-34244
- EPSS 0.51%
- Veröffentlicht 05.07.2023 20:15:10
- Zuletzt bearbeitet 21.11.2024 08:06:51
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the craft...
CVE-2023-35924
- EPSS 52.38%
- Veröffentlicht 05.07.2023 20:15:10
- Zuletzt bearbeitet 21.11.2024 08:08:59
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint can be used to drive a SQL injection attack. By default, GLPI inventory endpoint requires no authentication. Vers...
CVE-2023-34106
- EPSS 0.57%
- Veröffentlicht 05.07.2023 18:15:10
- Zuletzt bearbeitet 21.11.2024 08:06:33
GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users an...
CVE-2023-28636
- EPSS 0.58%
- Veröffentlicht 05.04.2023 18:15:08
- Zuletzt bearbeitet 21.11.2024 07:55:42
GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7.
CVE-2023-28639
- EPSS 0.61%
- Veröffentlicht 05.04.2023 18:15:08
- Zuletzt bearbeitet 21.11.2024 07:55:43
GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticate...
CVE-2023-28838
- EPSS 0.77%
- Veröffentlicht 05.04.2023 18:15:08
- Zuletzt bearbeitet 21.11.2024 07:56:07
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in...
CVE-2023-28849
- EPSS 0.49%
- Veröffentlicht 05.04.2023 18:15:08
- Zuletzt bearbeitet 21.11.2024 07:56:09
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to pe...