Filtered by vendor Teclib-edition
Subscribe
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39190 | 1 Teclib-edition | 1 System Center Configuration Manager | 2022-09-26 | N/A | 5.3 MEDIUM |
| The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist. | |||||
| CVE-2021-43779 | 1 Teclib-edition | 1 Addressing | 2022-08-08 | 9.0 HIGH | 9.9 CRITICAL |
| GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin. | |||||
| CVE-2019-12724 | 1 Teclib-edition | 1 News | 2020-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter. | |||||
| CVE-2019-10231 | 1 Teclib-edition | 1 Gestionnaire Libre De Parc Informatique | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php). | |||||
| CVE-2019-12723 | 1 Teclib-edition | 1 Fields | 2019-07-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user. | |||||
| CVE-2019-10232 | 1 Teclib-edition | 1 Gestionnaire Libre De Parc Informatique | 2019-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php. | |||||
| CVE-2018-7289 | 1 Teclib-edition | 1 Armadito Antivirus | 2018-03-17 | 4.3 MEDIUM | 3.3 LOW |
| An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters. | |||||