
15 matches found

RedhatCVE
added 2026/01/09 8:35 a.m. · 6 views

CVE-2024-34077

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible whi...

7.3 CVSS · 6.6 AI score · 0.00225 EPSS
Exploits: 1 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-1549

Malicious code in bioql PyPI...

5.3 CVSS · 5.5 AI score · 0.00288 EPSS
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-1832

Malicious code in bioql PyPI...

6.6 CVSS · 6.5 AI score · 0.003 EPSS
Exploits: 0 · References: 5
RedhatCVE
added 2025/05/23 9:47 a.m. · 4 views

CVE-2024-34081

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (bugchangestatuspage.php) belonging to a project linking...

6.6 CVSS · 6.7 AI score · 0.003 EPSS
Exploits: 0 · References: 1
CNVD
added 2024/05/31 12:0 a.m. · 7 views

MantisBT Cross-Site Scripting Vulnerability (CNVD-2024-26080)

MantisBT is a web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services through a web interface. MantisBT versions before 2.26.2 have a cross-site scripting vulnerability; the vulnerability stems from the...

6.6 CVSS · 6.4 AI score · 0.003 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/05/13 3:40 p.m. · 17 views

CVE-2024-34081 MantisBT Cross-site Scripting vulnerability

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (bugchangestatuspage.php) belonging to a project linking...

6.6 CVSS · 6.6 AI score · 0.003 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2024/05/13 3:35 p.m. · 16 views

CVE-2024-34080 MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the...

5.3 CVSS · 6.4 AI score · 0.00288 EPSS
Exploits: 0 · References: 4
OSV
added 2024/05/13 3:35 p.m. · 16 views

CVE-2024-34080 MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the...

5.3 CVSS · 5.1 AI score · 0.00288 EPSS
Exploits: 0 · References: 6
Positive Technologies
added 2024/05/13 12:0 a.m. · 2 views

PT-2024-25691

Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.26.2 Description: The issue affects MantisBT, an open source issue tracker, where an issue referencing a note from another issue that the user does not have access to becomes hyperlinked. Although clicking the link...

5.3 CVSS · 5.3 AI score · 0.00288 EPSS
Exploits: 0 · References: 11
Positive Technologies
added 2024/05/13 12:0 a.m. · 1 views

PT-2024-25687 · Mantisbt · Mantisbt

Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 2.26.2 Description: Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request...

7.3 CVSS · 7 AI score · 0.00225 EPSS
Exploits: 1 · References: 11
OpenVAS
added 2020/01/09 12:0 a.m. · 47 views

openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:2591-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS · 7.6 AI score · 0.33597 EPSS
Exploits: 10 · References: 4
Tenable Nessus
added 2019/12/03 12:0 a.m. · 64 views

openSUSE Security Update : webkit2gtk3 (openSUSE-2019-2587)

This update for webkit2gtk3 to version 2.26.2 fixes the following issues : Webkit2gtk3 was updated to version 2.26.2 WSA-2019-0005 and WSA-2019-0006, bsc1155321 bsc1156318 Security issues addressed : - CVE-2019-8625: Fixed a logic issue where by processing maliciously crafted web content may lead...

9.3 CVSS · 5.8 AI score · 0.33597 EPSS
Exploits: 10 · References: 44
Tenable Nessus
added 2019/12/03 12:0 a.m. · 56 views

openSUSE Security Update : webkit2gtk3 (openSUSE-2019-2591)

This update for webkit2gtk3 to version 2.26.2 fixes the following issues : Webkit2gtk3 was updated to version 2.26.2 WSA-2019-0005 and WSA-2019-0006, bsc1155321 bsc1156318 Security issues addressed : - CVE-2019-8625: Fixed a logic issue where by processing maliciously crafted web content may lead...

9.3 CVSS · 5.8 AI score · 0.33597 EPSS
Exploits: 10 · References: 44
OpenVAS
added 2019/12/01 12:0 a.m. · 40 views

openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:2587-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS · 7.6 AI score · 0.33597 EPSS
Exploits: 10 · References: 4
OPENSUSE Linux
added 2019/11/30 12:0 a.m. · 150 views

Security update for webkit2gtk3 (important)

openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2019:2587-1 Rating: important References: 1155321 1156318 Cross-References: CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8625 CVE-2019-8674 CVE-2019-8681 CVE-2019-8684 CVE-2019-8686...

9.3 CVSS · 6.4 AI score · 0.33597 EPSS
Exploits: 10 · References: 2