FreeBSD Bugzilla – Attachment 250287 Details for
Bug 278642
security/vuxml: references 2 CVE for www/glpi < 10.0.15
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
CVE entry affecting glpi < 10.0.15
vuxlm-glpi-10.0.15.diff (text/plain), 1.33 KB, created by
Mathias Monnerville
on 2024-04-28 19:51:48 UTC
(
hide
)
Description:
CVE entry affecting glpi < 10.0.15
Filename:
MIME Type:
Creator:
Mathias Monnerville
Created:
2024-04-28 19:51:48 UTC
Size:
1.33 KB
patch
obsolete
>diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml >index b09536e6f..9cd8da8a0 100644 >--- a/security/vuxml/vuln/2024.xml >+++ b/security/vuxml/vuln/2024.xml >@@ -1,3 +1,34 @@ >+ <vuln vid="5da8b1e6-0591-11ef-9e00-080027957747"> >+ <topic>GLPI -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><lt>10.0.15,1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>GLPI team reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.15"> >+ <p>GLPI 10.0.15 Changelog</p> >+ <ul> >+ <li>[SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456)</li> >+ <li>[SECURITY - high] Account takeover via SQL Injection in saved searches feature (CVE-2024-29889)</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2024-31456</cvename> >+ <cvename>CVE-2024-29889</cvename> >+ <url>https://github.com/glpi-project/glpi/releases/tag/10.0.15</url> >+ </references> >+ <dates> >+ <discovery>2024-04-03</discovery> >+ <entry>2024-04-28</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="b3affee8-04d1-11ef-8928-901b0ef714d4"> > <topic>py-social-auth-app-django -- Improper Handling of Case Sensitivity</topic> > <affects>
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Flags:
mathias
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 278642
: 250287