librenms/librenms Security Advisories for 23.9.0 (9)
- [HIGH] LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
PKSA-wskr-mbrz-ct8p CVE-2024-32480 GHSA-jh57-j3vq-h438
Affected version: <24.4.0
Reported by: GitHub
- [HIGH] LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
PKSA-g1ms-vbct-y8y2 CVE-2024-32479 GHSA-72m9-7c8x-pmmw
Affected version: <24.4.0
Reported by: GitHub
- [HIGH] LibreNMS vulnerable to SQL injection time-based leads to database extraction
PKSA-cqy2-j4sq-mj1m CVE-2024-32461 GHSA-cwx6-cx7x-4q34
Affected version: <24.4.0
Reported by: GitHub
- [MEDIUM] LibreNMS has Broken Access control on Graphs Feature
PKSA-dy6r-dy8y-9wrb CVE-2023-48294 GHSA-fpq5-4vwm-78x4
Affected version: <23.11.0
Reported by: GitHub
- [MEDIUM] LibreNMS Cross-site Scripting at Device groups Deletion feature
PKSA-pkpr-46hb-bg9j CVE-2023-48295 GHSA-8phr-637g-pxrg
Affected version: <23.11.0
Reported by: GitHub
- [MEDIUM] LibreNMS vulnerable to rate limiting bypass on login page
PKSA-z23c-gbcv-4pv2 CVE-2023-46745 GHSA-rq42-58qf-v3qx
Affected version: <23.11.0
Reported by: GitHub
- [HIGH] SQL injection in librenms/librenms
PKSA-xq48-tmhk-hpm4 CVE-2023-5591 GHSA-mr6h-7x2m-rgmq
Affected version: <23.10.0
Reported by: GitHub
- [HIGH] Cross site scripting in librenms
PKSA-39bn-qzf7-nrzs CVE-2023-5060 GHSA-2q8c-gqf4-mg3v
Affected version: <23.9.1
Reported by: GitHub
- [MEDIUM] LibreNMS Arbitrary File Read
PKSA-6jtq-3877-1tyc CVE-2017-16759 GHSA-4ccx-wjqp-5fww
Affected version: <2017-08-18
Reported by: GitHub