Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Teclib-edition Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43779 1 Teclib-edition 1 Addressing 2022-06-16 9.0 HIGH 9.9 CRITICAL
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.
CVE-2019-12724 1 Teclib-edition 1 News 2020-09-01 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.
CVE-2019-10231 1 Teclib-edition 1 Gestionnaire Libre De Parc Informatique 2020-08-24 7.5 HIGH 9.8 CRITICAL
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
CVE-2019-12723 1 Teclib-edition 1 Fields 2019-07-11 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
CVE-2019-10232 1 Teclib-edition 1 Gestionnaire Libre De Parc Informatique 2019-03-28 7.5 HIGH 9.8 CRITICAL
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
CVE-2018-7289 1 Teclib-edition 1 Armadito Antivirus 2018-03-17 4.3 MEDIUM 3.3 LOW
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters.