1285 matches found
CVE-2025-62520
CVE-2025-62520 concerns MantisBT prior to 2.27.2. The issue arises from insufficient access checks in manage_config_columns_page.php, allowing any non-admin user with access to that page to use Copy From to retrieve the columns configuration from a private project they should not access. Affected...
CVE-2025-62520 MantisBT unauthorized disclosure of private project column configuration
Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manageconfigcolumnspage.php can use the Copy From action to retrieve the columns configuration from a private project they have no...
EUVD-2025-37521
MantisBT unauthorized disclosure of private project column configuration...
GHSA-G582-8VWR-68H2 MantisBT unauthorized disclosure of private project column configuration
Impact Due to insufficient access-level checks, any non-admin user having access to manageconfigcolumnspage.php typically project managers having MANAGER role can use the Copy From action to retrieve the columns configuration from a private project they have no access to. Access to the reverse...
MantisBT unauthorized disclosure of private project column configuration
Impact Due to insufficient access-level checks, any non-admin user having access to manageconfigcolumnspage.php typically project managers having MANAGER role can use the Copy From action to retrieve the columns configuration from a private project they have no access to. Access to the reverse...
Wireshark 4.4.x < 4.4.9 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.4.9 advisory. - SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service CVE-2025-9817 - Column handlin...
Wireshark 4.4.x < 4.4.9 Multiple Vulnerabilities
The version of Wireshark installed on the remote Windows host is prior to 4.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.4.9 advisory. - SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service CVE-2025-9817 - Column handling crashes...
CLSA-2025-1761576318 Fix CVE(s): CVE-2022-3520
SECURITY UPDATE: Heap-based Buffer Overflow in visual mode - debian/patches/CVE-2022-3520.patch: check that the column does not become negative - CVE-2022-3520...
JLSEC-2025-41 In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to ...
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read...
OESA-2025-2379 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to S...
OESA-2025-2378 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to S...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name text field of search-container-column-text. An attacker can execute arbitrary web scripts or inject HTML in the context of a user's browser session by submitting crafted input. Details Cross-site...
django: Django SQL injection in FilteredRelation column aliases
An SQL injection flaw has been discovered in the Django web framework. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...
django: Django SQL injection in FilteredRelation column aliases
An SQL injection flaw has been discovered in the Django web framework. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...
EUVD-2018-10822
Malware in sbrugna...
EUVD-2010-3661
Malware in sbrugna...
EUVD-2021-1211
Malware in sbrugna...
EUVD-2020-0059
Malware in sbrugna...
EUVD-2020-17333
Malware in sbrugna...
EUVD-2020-30148
Malware in sbrugna...