44 matches found
CVE-2025-61873
Best Practical Request Tracker RT before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used...
UBUNTU-CVE-2025-61873
Best Practical Request Tracker RT before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used...
CVE-2025-61873
Summary: CVE-2025-61873 affects Best Practical Request Tracker (RT). The connected Debian advisory confirms the issue is a CSV injection vulnerability in RT exports to TSV from search results, caused by ticket values containing certain characters and exported in TSV, enabling injection. Debian li...
FreeBSD : RT -- CSV injection (b374df95-afa8-11f0-b4c8-792b26d8a051)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the b374df95-afa8-11f0-b4c8-792b26d8a051 advisory. Gareth Watkin-Jones from 4armed reports: RT is vulnerable to CSV injection via ticket values with speci...
[SECURITY] [DSA 6032-1] request-tracker4 security update
Debian Security Advisory DSA-6032-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2025 https://www.debian.org/security/faq ...
Debian dsa-6032 : request-tracker4 - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-6032 advisory. Debian Security Advisory DSA-6032-1 [email protected] https://www.debian.org/security/...
SurrealDB has local file read of 2-column TSV files via analyzers
An authenticated system user at the root, namespace, or database levels can use the DEFINE ANALYZER statement to point to arbitrary file locations on the file system, and should the file be tab separated with two columns, the analyzer can be leveraged to exfiltrate the content. This issue was...
GHSA-2CVJ-G5R5-JRRG SurrealDB has local file read of 2-column TSV files via analyzers
An authenticated system user at the root, namespace, or database levels can use the DEFINE ANALYZER statement to point to arbitrary file locations on the file system, and should the file be tab separated with two columns, the analyzer can be leveraged to exfiltrate the content. This issue was...
[SECURITY] Fedora 39 Update: pandoc-3.1.3-29.fc39
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include: light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags); HTML formats (HTML 4 and 5); Ebook formats (EPUB v2 and v3, FB2) ...
tsv-buesum.de Cross Site Scripting vulnerability OBB-3831871
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
tsv-bad-blankenburg.de Cross Site Scripting vulnerability OBB-3830541
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
tsv-betzingen.de Improper Access Control vulnerability OBB-3820487
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
tsv-wuchzenhofen.de Improper Access Control vulnerability OBB-3820488
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
tsv-milbertshofen-fussball.de Improper Access Control vulnerability OBB-3780338
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
tsv-leinfelden.de Improper Access Control vulnerability OBB-3775245
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
tsv-langenau.de Improper Access Control vulnerability OBB-3772837
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
Input validation
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...