Debian Linux Security Vulnerabilities
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-04-07
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2021-04-06
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
CVSS Score: 5.3 | EPSS Score: 0.015 | Published: 2021-04-06
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2021-04-06
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2021-04-06
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2021-04-06
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2021-04-06
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2021-04-06
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2021-04-06
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2021-04-06
Shodan ® - All rights reserved