|
Lines 1-3
Link Here
|
|
|
1 |
<vuln vid="6091d1d8-4347-11ef-a4d4-080027957747"> |
| 2 |
<topic>GLPI -- multiple vulnerabilities</topic> |
| 3 |
<affects> |
| 4 |
<package> |
| 5 |
<name>glpi</name> |
| 6 |
<range><lt>10.0.16,1</lt></range> |
| 7 |
</package> |
| 8 |
</affects> |
| 9 |
<description> |
| 10 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 11 |
<p>GLPI team reports:</p> |
| 12 |
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.16"> |
| 13 |
<p>GLPI 10.0.16 Changelog</p> |
| 14 |
<ul> |
| 15 |
<li>[SECURITY - high] Account takeover via SQL Injection in AJAX scripts (CVE-2024-37148)</li> |
| 16 |
<li>[SECURITY - high] Remote code execution through the plugin loader (CVE-2024-37149)</li> |
| 17 |
<li>[SECURITY - moderate] Authenticated file upload to restricted tickets (CVE-2024-37147)</li> |
| 18 |
</ul> |
| 19 |
</blockquote> |
| 20 |
</body> |
| 21 |
</description> |
| 22 |
<references> |
| 23 |
<cvename>CVE-2024-37148</cvename> |
| 24 |
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37148</url> |
| 25 |
<cvename>CVE-2024-37149</cvename> |
| 26 |
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37149</url> |
| 27 |
<cvename>CVE-2024-37147</cvename> |
| 28 |
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37147</url> |
| 29 |
<url>https://github.com/glpi-project/glpi/releases/tag/10.0.16</url> |
| 30 |
</references> |
| 31 |
<dates> |
| 32 |
<discovery>2024-06-03</discovery> |
| 33 |
<entry>2024-07-16</entry> |
| 34 |
</dates> |
| 35 |
</vuln> |
| 36 |
|
| 1 |
<vuln vid="6410f91d-1214-4f92-b7e0-852e39e265f9"> |
37 |
<vuln vid="6410f91d-1214-4f92-b7e0-852e39e265f9"> |
| 2 |
<topic>electron30 -- multiple vulnerabilities</topic> |
38 |
<topic>electron30 -- multiple vulnerabilities</topic> |
| 3 |
<affects> |
39 |
<affects> |