Lucene search
K

180 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:24 p.m.7 views

CVE-2021-29436

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery CSRF vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an...

8.1CVSS7.1AI score0.00525EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:10 p.m.9 views

CVE-2021-21352

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess...

9.1CVSS7AI score0.01392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:20 p.m.8 views

CVE-2020-27422

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account...

9.8CVSS7AI score0.07764EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 3:27 p.m.9 views

CVE-2020-27423

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox...

7.5CVSS7AI score0.06362EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 4:24 a.m.12 views

CVE-2019-12162

Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...

7.8CVSS7.6AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:43 p.m.12 views

CVE-2022-24707

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin...

8.8CVSS8AI score0.07159EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:24 p.m.8 views

CVE-2022-31149

ActivityWatch open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a...

9.6CVSS6.7AI score0.01EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:51 p.m.10 views

CVE-2020-15255

In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software for example, when a cell value starts with an equal sign. This is fixed in version 1.19.23.5325...

8.7CVSS6.5AI score0.03504EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2023/11/08 3:38 p.m.9 views

mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exectimetracker::getloops/Filesorttracker::reportuse/filesort...

7.5CVSS7.3AI score0.01766EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/09/14 5:15 p.m.4 views

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.8CVSS7.5AI score0.00556EPSS
Exploits1References2
OSV
OSV
added 2023/09/14 5:15 p.m.2 views

DEBIAN-CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.8CVSS8AI score0.00556EPSS
Exploits1References1
NVD
NVD
added 2023/09/14 5:15 p.m.21 views

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.8CVSS7.9AI score0.00556EPSS
Exploits1References1
Prion
Prion
added 2023/09/14 5:15 p.m.19 views

Input validation

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

4.4CVSS7.9AI score0.00556EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2023/09/14 5:15 p.m.24 views

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.8CVSS7.4AI score0.00556EPSS
Exploits1References1
OSV
OSV
added 2023/09/14 5:15 p.m.3 views

UBUNTU-CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.8CVSS6.2AI score0.00556EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/09/14 12:0 a.m.31 views

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

8.1AI score0.00556EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/09/14 12:0 a.m.4 views

GNOME Time Tracker Injection Vulnerability

GNOME Time Tracker GnoTime,GTT is a to-do list/journal/diary tool from GNOME. A security vulnerability exists in GNOME Time Tracker version 3.0.2, which stems from the presence of a CSV injection vulnerability. An attacker can exploit the vulnerability to execute arbitrary code by building a .tsv...

7.8CVSS7.9AI score0.00556EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/09/14 12:0 a.m.11 views

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.7AI score0.00556EPSS
Exploits1References1
CVE
CVE
added 2023/09/14 12:0 a.m.39 views

CVE-2023-36250

The CVE-2023-36250 entry concerns GNOME Time Tracker (version 3.0.2) and describes a CSV injection flaw that allows a local attacker to execute arbitrary code by crafting a .tsv file during record creation. Affected component appears to be the time-tracker input handling for TSVs, with the underl...

7.8CVSS7.8AI score0.00556EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2023/09/14 12:0 a.m.20 views

CVE-2023-36250

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...

7.8CVSS7.8AI score0.00556EPSS
Exploits1
Rows per page
Query Builder