Maintainer Pavel Zilke in branch p9: Information
Maintainer name: Pavel Zilke (zidex)
Source packages built in this branch: 4
Latest changes
27 June 2023, 15:07
#323561 submitted by Pavel Zilke
security_fix
IT and asset management software
27 May 2023, Pavel Zilke:
- New version 9.5.13
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-28632 : Account takeover by authenticated user
  + CVE-2023-28838 : SQL injection through dynamic reports
  + CVE-2023-28852 : Stored XSS through dashboard administration
  + CVE-2023-28636 : Stored XSS on external links
  + CVE-2023-28639 : Reflected XSS in search pages
  + CVE-2023-28634 : Privilege Escalation from technician to super-admin
  + CVE-2023-28633 : Blind Server-Side Request Forgery (SSRF) in RSS feeds
29 March 2023, 18:05
#317348 submitted by Pavel Zilke
security_fix
IT and asset management software
18 March 2023, Pavel Zilke:
- New version 9.5.12
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-22722 : XSS on browse views
  + CVE-2023-22725 : XSS on external links
  + CVE-2023-23610 : Unauthorized access to data export
  + CVE-2022-41941 : Stored XSS inside Standard Interface Help Link href attribute
5 December 2022, 10:42
#310702 submitted by Pavel Zilke
security_fix
IT and asset management software
5 November 2022, Pavel Zilke:
- New version 9.5.11
- Bugfix for previous release
23 September 2022, 18:16
#307140 submitted by Pavel Zilke
critical_security_fix
IT and asset management software
14 September 2022, Pavel Zilke:
- New version 9.5.9
- This release fixes several critical security issues that have been recently discovered. Update is strongly recommended!
- Security fixes:
  + CVE-2022-35945 : XSS through registration API
  + CVE-2022-31143 : Leak of sensitive information through login page error
  + CVE-2022-35914 : [critical] Command injection using a third-party library script
  + CVE-2022-35946 : SQL injection through plugin controller
  + CVE-2022-35947 : [critical] Authentication via SQL injection
  + CVE-2022-36112 : Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning
11 July 2022, 14:42
#303295 submitted by Pavel Zilke
security_fix
IT and asset management software
4 July 2022, Pavel Zilke:
- New version 9.5.8
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2022-31061 : SQL injection on login page
  + CVE-2022-24868 : XSS / open redirect via SVG file upload
  + CVE-2022-24869 : Cross Site CSS Injection
21 March 2022, 11:41
#296878 submitted by Pavel Zilke
security_fix
IT and asset management software
27 January 2022, Pavel Zilke:
- New version 9.5.7
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2022-21720 : SQL injection using custom CSS administration form
  + CVE-2022-21719 : Reflected XSS using reload button
18 October 2021, 15:20
#287044 submitted by Pavel Zilke
security_fix
IT and asset management software
12 October 2021, Pavel Zilke:
- New version 9.5.6
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2021-39211 : Disclosure of GLPI and server informations in telemetry endpoint
  + CVE-2021-39210 : Autologin cookie accessible by scripts
  + CVE-2021-39209 : Bypassable CSRF protection on ajax endpoints
  + CVE-2021-39213 : Bypassable IP restriction on GLPI API using custom header injection
2 June 2021, 18:34
#272696 submitted by Pavel Zilke
security_fix
IT and asset management software
13 May 2021, Pavel Zilke:
- New version 9.5.5
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2021-3486 : Stored XSS in plugins information
14 April 2021, 21:09
#269862 submitted by Pavel Zilke
security_fixes
IT and asset management software
31 March 2021, Pavel Zilke:
- New version 9.5.4
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2021-21326 : Horizontal Privilege Escalation
  + CVE-2021-21255 : entities switch IDOR
  + CVE-2021-21258 : XSS injection in ajax/kanban
  + CVE-2021-21314 : XSS injection on ticket update
  + CVE-2021-21312 : Stored XSS on documents
  + CVE-2021-21313 : XSS on tabs
  + CVE-2021-21325 : Stored XSS in budget type
  + CVE-2021-21327 : Unsafe Reflection in getItemForItemtype()
  + CVE-2021-21324 : Insecure Direct Object Reference (IDOR) on "Solutions"
26 December 2020, 19:09
#263876 submitted by Pavel Zilke
security_fixes
IT and asset management software
5 December 2020, Pavel Zilke:
- New version 9.5.3
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2020-27662 : Insecure Direct Object Reference on ajax/comments.php
  + CVE-2020-27663 : Insecure Direct Object Reference on ajax/getDropdownValue.php
  + CVE-2020-26212 : Any CalDAV calendars is read-only for every authenticated user
27 July 2020, 10:38
#255220 submitted by Pavel Zilke
security_fixes
IT and asset management software
7 June 2020, Pavel Zilke:
- New version 9.4.6
- This is a security release, upgrading is highly recommended