Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 18 results


CVE-2023-3726

Medium priority
Needs evaluation

OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.

1 affected packages

ocsinventory-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ocsinventory-server Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-39369

Medium priority

Some fixes available 4 of 9

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate...

3 affected packages

moodle, ocsinventory-server, php-cas

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
moodle Not in release Not in release Not in release Ignored Ignored
ocsinventory-server Not affected Fixed Not affected Not affected Ignored
php-cas Not affected Fixed Fixed Ignored Fixed
Show less packages

CVE-2020-14947

Low priority
Needs evaluation

OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.

1 affected packages

ocsinventory-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ocsinventory-server Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2018-15537

Medium priority
Vulnerable

Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.

1 affected packages

ocsinventory-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ocsinventory-server Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2018-14857

Medium priority
Not affected

Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template...

1 affected packages

ocsinventory-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ocsinventory-server Not affected Not affected
Show less packages

CVE-2018-14473

Medium priority
Vulnerable

OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.

1 affected packages

ocsinventory-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ocsinventory-server Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2018-12483

Medium priority
Vulnerable

OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the...

1 affected packages

ocsinventory-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ocsinventory-server Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2018-12482

Medium priority
Vulnerable

OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.

1 affected packages

ocsinventory-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ocsinventory-server Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2018-1000558

Negligible priority
Needs evaluation

OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored...

1 affected packages

ocsinventory-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ocsinventory-server Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2018-1000557

Negligible priority
Needs evaluation

OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within...

1 affected packages

ocsinventory-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ocsinventory-server Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages