librenms/librenms Security Advisories for 23.10.0 (7)
- [HIGH] LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
  PKSA-wskr-mbrz-ct8p CVE-2024-32480 GHSA-jh57-j3vq-h438
  Affected version: <24.4.0
  Reported by: GitHub
- [HIGH] LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
  PKSA-g1ms-vbct-y8y2 CVE-2024-32479 GHSA-72m9-7c8x-pmmw
  Affected version: <24.4.0
  Reported by: GitHub
- [HIGH] LibreNMS vulnerable to SQL injection time-based leads to database extraction
  PKSA-cqy2-j4sq-mj1m CVE-2024-32461 GHSA-cwx6-cx7x-4q34
  Affected version: <24.4.0
  Reported by: GitHub
- [MEDIUM] LibreNMS has Broken Access control on Graphs Feature
  PKSA-dy6r-dy8y-9wrb CVE-2023-48294 GHSA-fpq5-4vwm-78x4
  Affected version: <23.11.0
  Reported by: GitHub
- [MEDIUM] LibreNMS Cross-site Scripting at Device groups Deletion feature
  PKSA-pkpr-46hb-bg9j CVE-2023-48295 GHSA-8phr-637g-pxrg
  Affected version: <23.11.0
  Reported by: GitHub
- [MEDIUM] LibreNMS vulnerable to rate limiting bypass on login page
  PKSA-z23c-gbcv-4pv2 CVE-2023-46745 GHSA-rq42-58qf-v3qx
  Affected version: <23.11.0
  Reported by: GitHub
- [MEDIUM] LibreNMS Arbitrary File Read
  PKSA-6jtq-3877-1tyc CVE-2017-16759 GHSA-4ccx-wjqp-5fww
  Affected version: <2017-08-18
  Reported by: GitHub