Search CVE reports
141 – 150 of 26941 results
CVE-2023-4639
Medium priorityA flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or...
1 affected packages
undertow
| Package | 20.04 LTS |
|---|---|
| undertow | Needs evaluation |
CVE-2020-25720
Medium priorityA vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after...
1 affected packages
samba
| Package | 20.04 LTS |
|---|---|
| samba | Vulnerable |
CVE-2024-52867
Medium priorityNot in release
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability...
1 affected packages
guix
| Package | 20.04 LTS |
|---|---|
| guix | Not in release |
CVE-2024-38370
Medium priorityNot in release
GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16.
1 affected packages
glpi
| Package | 20.04 LTS |
|---|---|
| glpi | Not in release |
CVE-2024-45611
Medium priorityNot in release
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS...
1 affected packages
glpi
| Package | 20.04 LTS |
|---|---|
| glpi | Not in release |
CVE-2024-45610
Medium priorityNot in release
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order...
1 affected packages
glpi
| Package | 20.04 LTS |
|---|---|
| glpi | Not in release |
CVE-2024-45609
Medium priorityNot in release
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to...
1 affected packages
glpi
| Package | 20.04 LTS |
|---|---|
| glpi | Not in release |
CVE-2024-45608
Medium priorityNot in release
GLPI is a free asset and IT management software package. An authenticated user can perfom a SQL injection by changing its preferences. Upgrade to 10.0.17.
1 affected packages
glpi
| Package | 20.04 LTS |
|---|---|
| glpi | Not in release |
CVE-2024-43418
Medium priorityNot in release
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability. Upgrade to 10.0.17.
1 affected packages
glpi
| Package | 20.04 LTS |
|---|---|
| glpi | Not in release |
CVE-2024-43417
Medium priorityNot in release
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Software form. Upgrade to 10.0.17.
1 affected packages
glpi
| Package | 20.04 LTS |
|---|---|
| glpi | Not in release |