Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


Arch Linux 1.2.19-1 ASA-201502-3 Critical: MantisBT SQL Injection Risks

Arch Linux Security Advisory ASA-201502-3
========================================

Severity: High
Date    : 2015-02-06
CVE-ID  : CVE-2014-9571 CVE-2014-9572 CVE-2014-9573 CVE-2014-9624 CVE-2015-1042
Package : mantisbt
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package mantisbt before version 1.2.19-1 is vulnerable to multiple issues including cross-site scripting, database credential disclosure, SQL injection, captcha bypass and URL redirection.

Resolution
==========
Upgrade to 1.2.19-1.

# pacman -Syu "mantisbt>=1.2.19-1"

The problems have been fixed upstream in version 1.2.19.

Workaround
==========
None.

Description
===========
- CVE-2014-9571 (cross-site scripting)
Cross-site scripting (XSS) vulnerability in admin/install.php allows remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_password parameter.

- CVE-2014-9572 (information disclosure)
It was discovered that mantisbt does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4.

- CVE-2014-9573 (sql injection)
SQL injection vulnerability in manage_user_page.php allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.

- CVE-2014-9624 (captcha bypass)
An attacker can get an unlimited amount of CAPTCHA "samples" with different perturbations for the same challenge, which makes the whole captcha utterly useless and very easy to bypass.

- CVE-2015-1042 (url redirection)
A bug in the URL sanitization routine allows an attacker to craft a URL that can redirect outside of the MantisBT instance's domain. This is related to CVE-2014-6316 [1], and the same API function is affected by the same vulnerability, but the root cause is different.

Impact
======
A remote attacker is able to perform cross-site scripting, obtain database credentials, execute arbitrary SQL commands when having administrator privileges, bypass captchas or craft a URL that redirects to any domain.

References
==========
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9571
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9572
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9573
https://access.redhat.com/security/cve/CVE-2014-9624
https://access.redhat.com/security/cve/CVE-2015-1042

Feb 06, 2015, Arch Linux

Gentoo: GLSA-202311-02 Normal: MantisBT Local File Existence Vulnerability

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201211-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MantisBT: Multiple vulnerabilities
      Date: November 08, 2012
      Bugs: #348761, #381417, #386153, #407121, #420375
        ID: 201211-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========
Multiple vulnerabilities have been found in MantisBT, the worst of which allows for local file inclusion.

Background
==========
MantisBT is a PHP/MySQL/Web based bugtracking system.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-apps/mantisbt           < 1.2.11                    >= 1.2.11

Description
===========
Multiple vulnerabilities have been discovered in MantisBT. Please review the CVE identifiers referenced below for details.

Impact
======
A remote attacker could exploit these vulnerabilities to conduct directory traversal attacks, disclose the contents of local files, inject arbitrary web scripts, obtain sensitive information, bypass authentication and intended access restrictions, or manipulate bugs and attachments.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All MantisBT users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.2.11"

References
==========
[ 1 ] CVE-2010-3303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3303
[ 2 ] CVE-2010-3763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3763
[ 3 ] CVE-2010-4348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4348
[ 4 ] CVE-2010-4349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4349
[ 5 ] CVE-2010-4350 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4350
[ 6 ] CVE-2011-2938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2938
[ 7 ] CVE-2011-3356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3356
[ 8 ] CVE-2011-3357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3357
[ 9 ] CVE-2011-3358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3358
[ 10 ] CVE-2011-3578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3578
[ 11 ] CVE-2011-3755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3755
[ 12 ] CVE-2012-1118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1118
[ 13 ] CVE-2012-1119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1119
[ 14 ] CVE-2012-1120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1120
[ 15 ] CVE-2012-1121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1121
[ 16 ] CVE-2012-1122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1122
[ 17 ] CVE-2012-1123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1123
[ 18 ] CVE-2012-2691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2691
[ 19 ] CVE-2012-2692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2692

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/201211-01

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [e-mail address obscured on this page] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Nov 08, 2012, Gentoo