FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6091d1d8-4347-11ef-a4d4-080027957747GLPI -- multiple vulnerabilities

GLPI team reports:

GLPI 10.0.16 Changelog

  • [SECURITY - high] Account takeover via SQL Injection in AJAX scripts (CVE-2024-37148)
  • [SECURITY - high] Remote code execution through the plugin loader (CVE-2024-37149)
  • [SECURITY - moderate] Authenticated file upload to restricted tickets (CVE-2024-37147)

Discovery 2024-06-03
Entry 2024-07-16
glpi
< 10.0.16,1

CVE-2024-37148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37148
CVE-2024-37149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37149
CVE-2024-37147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37147
https://github.com/glpi-project/glpi/releases/tag/10.0.16
5da8b1e6-0591-11ef-9e00-080027957747GLPI -- multiple vulnerabilities

GLPI team reports:

GLPI 10.0.15 Changelog

  • [SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456)
  • [SECURITY - high] Account takeover via SQL Injection in saved searches feature (CVE-2024-29889)

Discovery 2024-04-03
Entry 2024-04-28
glpi
< 10.0.15,1

CVE-2024-31456
CVE-2024-29889
https://github.com/glpi-project/glpi/releases/tag/10.0.15