11 matches found
EUVD-2013-3309
Malware in sbrugna...
CVE-2024-24823 graylog2-server Session Fixation vulnerability through cookie injection
Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain...
CVE-2022-21654 Incorrect configuration handling allows TLS session re-use without re-validation in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's TLS allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default TLS settings are used. Users are advised...
Updated rt/perl-Encode packages fix security vulnerability
RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. The DeleteTicket right and any custom lifecycle transition rights may be bypassed by any user with ModifyTicket (CVE-2012-4733). RT 3.8.0 and above include a version of bin/rt th...
CVE-2013-3374
Unspecified vulnerability in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."...
CVE-2013-3374
Unspecified vulnerability in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."...
RT: Request Tracker < 3.8.17 / 4.0.13 Multiple Vulnerabilities
FreeBSD : RT -- multiple vulnerabilities (3a429192-c36a-11e2-97a9-6805ca0b3d42)
Thomas Sibley reports: We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities...
[SECURITY] [DSA 2670-1] request-tracker3.8 security update
Debian Security Advisory DSA-2670-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 22, 2013 http://www.debian.org/security/faq ...
RT -- multiple vulnerabilities
Thomas Sibley reports: We discovered a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.17 and 4.0.13 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities address...
Debian: Security Advisory (DSA-2670-1)
The remote host is missing an update for the Debian...