glpi was added to epel7 repo on 2014-01-21
Page updated: 2024-04-20 21:14
Repo Status -
Overall Status
Source NVR: glpi-0.90.5-2.el7 (2018-04-03)
| glpi | glpi-0.90.5-2.el7 |
| 1834490 | NEW | CVE-2020-11033 glpi: any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User [epel-7] |
| 1834493 | NEW | CVE-2020-11036 glpi: XSS in the comments of items in the knowledge base and via the User-Agent for administrators [epel-7] |
| 1834500 | NEW | CVE-2020-11035 glpi: CSRF tokens are generated using an insecure algorithm [epel-7] |
| 1834503 | NEW | CVE-2020-11034 glpi: bypass open redirect protection based on a regexp [epel-7] |
| 1838308 | NEW | CVE-2020-11060 glpi: remote code execution via the backup functionality [epel-7] |
| 1860261 | NEW | CVE-2020-15108 glpi: SQL injection in all usages of Clone feature [epel-7] |
| 1882106 | NEW | CVE-2020-11031 glpi: encryption algorithm used is insecure [epel-7] |
| 1886228 | NEW | CVE-2020-15226 glpi: SQL Injection in the API's search function [epel-7] |
| 1886237 | NEW | CVE-2020-15217 glpi: information disclosure through public FAQ [epel-7] |
| 1886266 | NEW | CVE-2020-15177 glpi: install/install.php endpoint insecurely stores user input into the database as url_base and url_base_api leads to XSS [epel-7] |
| 1886274 | NEW | CVE-2020-15176 glpi: application does not escape or sanitize leads to sql injection and information disclosure [epel-7] |
| 1886277 | NEW | CVE-2020-15175 glpi: information disclosure of files and folders contained in /files/ [epel-7] |
| 1902070 | NEW | CVE-2020-26212 glpi: any CalDAV calendars is read-only for every authenticated user [epel-7] |
| 1904020 | NEW | CVE-2020-27663 glpi: Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType [epel-7] |
| 1904024 | NEW | CVE-2020-27662 glpi: Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table [epel-7] |
| 1939934 | NEW | CVE-2021-21255 glpi: it is possible to switch entities with IDOR from a logged in user [epel-7] |
| 1939937 | NEW | CVE-2021-21258 glpi: cross-site scripting injection vulnerability when using ajax/kanban.php [epel-7] |
| 1939947 | NEW | CVE-2021-21326 glpi: Horizontal Privilege Escalation [epel-7] |
| 1939950 | NEW | CVE-2021-21327 glpi: Unsafe Reflection in getItemForItemtype() [epel-7] |
| 1939954 | NEW | CVE-2021-21324 glpi: Insecure Direct Object Reference (IDOR) on "Solutions" [epel-7] |
| 1939958 | NEW | CVE-2021-21325 glpi: Stored XSS in budget type [epel-7] |
| 1942567 | NEW | CVE-2021-21314 glpi: XSS injection on ticket update [epel-7] |
| 1942570 | NEW | CVE-2021-21312 glpi: Stored XSS on documents [epel-7] |
| 1942573 | NEW | CVE-2021-21313 glpi: XSS on tabs [epel-7] |
| 2047852 | NEW | CVE-2022-21719 glpi: Reflected XSS using reload button [epel-7] |
| 2047855 | NEW | CVE-2022-21720 glpi: SQL injection using custom CSS administration form [epel-7] |
| 2077732 | NEW | CVE-2022-24867 CVE-2022-24868 CVE-2022-24869 glpi: allow for a cross site scripting attack vector [epel-7] |
| 2095536 | NEW | CVE-2022-24876 glpi: cross site scripting [epel-7] |
| 2103139 | NEW | CVE-2022-31068 glpi: possible information leak [epel-7] |
| 2103143 | NEW | CVE-2022-31061 glpi: possible SQL injection on login page [epel-7] |
| 2132606 | NEW | CVE-2021-39213 glpi: IP restriction on GLPI API Bypass with custom header injection [epel-7] |
| 2139933 | NEW | CVE-2022-39234 glpi: persistent cookie allows deleted user to stay logged in [epel-7] |
| 2139939 | NEW | CVE-2022-39262 glpi: injected XSS in login page [epel-7] |
| 2139941 | NEW | CVE-2022-39276 glpi: SSRF in feeds [epel-7] |
| 2140036 | NEW | CVE-2022-39277 glpi: XSS in external links [epel-7] |
| 2140039 | NEW | CVE-2022-39376 glpi: Improper input validation on emails links [epel-7] |
| 2140041 | NEW | CVE-2022-39375 glpi: XSS through public RSS feed [epel-7] |
| 2140045 | NEW | CVE-2022-39370 glpi: Improper access to debug panel [epel-7] |
| 2140047 | NEW | CVE-2022-39371 glpi: Stored XSS through asset inventory [epel-7] |
| 2140049 | NEW | CVE-2022-39372 glpi: Stored XSS in user information [epel-7] |
| 2140051 | NEW | CVE-2022-39373 glpi: Stored XSS in entity name [epel-7] |
| 2184794 | NEW | CVE-2023-28632 glpi: Authenticated user can modify emails of any user [epel-7] |
| 2184796 | NEW | CVE-2023-28633 glpi: Usage of RSS feeds is subject to server-side request forgery [epel-7] |
| 2184799 | NEW | CVE-2023-28634 glpi: user who has the Technician profile could see and generate a Personal token for a Super-Admin [epel-7] |
| 2184813 | NEW | CVE-2023-29006 glpi: Authenticated user can craft URL to execute a system command [epel-7] |
| 2184816 | NEW | CVE-2023-28855 glpi: Access control check allows any authenticated user to write data to any fields container [epel-7] |
| 2184818 | NEW | CVE-2023-28852 glpi: User with dashboard administration rights may hack the dashboard form to store malicious code [epel-7] |
| 2184820 | NEW | CVE-2023-28849 glpi: Inventory endpoint can be used to drive a SQL injection attack [epel-7] |
| 2184822 | NEW | CVE-2023-28838 glpi: SQL Injection vulnerability [epel-7] |
| 2184825 | NEW | CVE-2023-28639 glpi: Malicious link can be crafted by an unauthenticated user [epel-7] |
| 2184827 | NEW | CVE-2023-28636 glpi: Administrator can create a malicious external link [epel-7] |
| 2220914 | NEW | CVE-2023-36808 glpi: SQL injection through Computer Virtual Machine information [epel-7] |
| 2220916 | NEW | CVE-2023-34106 glpi: Unauthorized access to user data [epel-7] |