313 matches found
[SECURITY] Fedora 33 Update: fossil-2.12.1-1.fc33
Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface...
[SECURITY] Fedora 32 Update: fossil-2.12.1-1.fc32
Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface...
Fedora: Security Advisory for fossil (FEDORA-2020-ac6cf99f87)
The remote host is missing an update for the...
CVE-2020-25830
CVE-2020-25830 affects MantisBT before 2.24.3. The root cause is improper escaping of a custom field name, permitting HTML injection and, if CSP allows, arbitrary JavaScript execution when updating that custom field via bug_actiongroup_page.php. Evidence in multiple sources ties this to an XSS ri...
CVE-2019-3881
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
A vulnerability in the Jira bug tracking system, related to improper management of code generation, allows an attacker to execute arbitrary code.
The vulnerability of the Jira bug tracking system is related to improper management of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2010-2488
NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections...
CVE-2019-15846
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...
[SECURITY] Fedora 30 Update: fossil-2.8-1.fc30
Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface...
JetBrains YouTrack Privilege Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in JetBrains YouTrack. An attacker can exploit the...
CVE-2019-5828
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page...
CVE-2018-9839
CVE-2018-9839 affects MantisBT up to versions 1.3.14 and 2.0.0. A crafted request to bug_report_page.php altering the m_id parameter can let a user with REPORTER access or higher view private issue details (summary, description, steps, additional information) when cloning. If the user selects Cop...
CVE-2015-1316
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key...
Jackhammer - One Security Vulnerability Assessment/Management Tool To Solve All The Security Team Problems
One Security vulnerability assessment/management tool to solve all the security team problems. What is Jackhammer? Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team, QA team and being a facilitator for TPM to understand and track the qualit...
CVE-2018-6070
Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
CVE-2018-17076
GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file...
CVE-2018-1000637
zutils prior to version 1.8-pre2 contains a buffer overflow vulnerability in zcat that can result in potential denial of service or arbitrary code execution. This attack appears to be exploitable via the victim opening a crafted compressed file. This vulnerability appears to have been fix...
MariaDB: SSRF on jira.mariadb.org
Vulnerabilities in our publicly available issue and bug tracking Jira instance have been reported and resolved to the best of our abilities by upgrading to the latest available Jira software from Atlassian. Yes...
MariaDB: vulnerable to Cross-site Request Forgery | Jira
Vulnerabilities in our publicly available issue and bug tracking Jira instance have been reported and resolved to the best of our abilities by upgrading to the latest available Jira software from Atlassian...
CVE-2018-7689
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions...