Debian Linux 9.0 - Security Vulnerabilities
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
CVSS score: 6.1 | EPSS score: 0.003 | Published: 2021-04-06
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
CVSS score: 6.1 | EPSS score: 0.004 | Published: 2021-04-06
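The two Redmine XSS entries above share one root cause: a URL supplied by the user (the back_url parameter, or the target of a textile inline link) reaches the page without a decision about which URLs are acceptable. The following is an added Ruby example, not Redmine's own code, showing the two checks a practitioner would want: a back_url validator that accepts only same-site path references, and a link-href validator that accepts only a fixed set of schemes, each followed by HTML escaping at the point of output. Every function name below is hypothetical.

```ruby
require 'uri'
require 'erb'

# Added illustration with hypothetical helper names; not Redmine's code.

# A "return here afterwards" parameter must stay on this site, so accept only a
# path-style relative reference: no scheme, no authority, one leading "/".
# URI.parse refuses quotes, "<", ">" and whitespace, so values that would only
# become harmful once embedded in HTML are rejected at the same time.
def safe_back_url?(value)
  return false if value.nil? || value.empty?
  return false if value.include?('\\')          # browsers treat "\" like "/"
  uri = URI.parse(value)
  uri.scheme.nil? && uri.host.nil? && uri.userinfo.nil? &&
    uri.path.start_with?('/') && !uri.path.start_with?('//')
rescue URI::InvalidURIError
  false
end

# A link target taken from user markup may leave the site, but only over
# schemes that cannot execute script in the reader's browser.
ALLOWED_LINK_SCHEMES = %w[http https ftp mailto].freeze

def safe_link_href?(value)
  return false if value.nil? || value.strip.empty?
  uri = URI.parse(value.strip)
  return true if uri.scheme.nil?                # relative link, same site
  ALLOWED_LINK_SCHEMES.include?(uri.scheme.downcase)
rescue URI::InvalidURIError                      # e.g. "java\tscript:" tricks
  false
end

# Output points: validate first, then escape whatever is emitted.
def hidden_back_url_field(value)
  target = safe_back_url?(value) ? value : '/'  # fall back to a known page
  %(<input type="hidden" name="back_url" value="#{ERB::Util.html_escape(target)}">)
end

def render_link(href, text)
  label = ERB::Util.html_escape(text)
  return label unless safe_link_href?(href)     # drop the link, keep the text
  %(<a href="#{ERB::Util.html_escape(href.strip)}">#{label}</a>)
end
```

Validation and escaping are both needed: the validator decides whether the value may be a link at all, while escaping at output stops an accepted value (for example one containing `&`) from being reinterpreted once it is inside an attribute.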
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of an issue they are not allowed to view by exporting time entries to CSV, because the export includes the subject of the linked issue.
CVSS score: 5.3 | EPSS score: 0.004 | Published: 2021-04-06
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
CVSS score: 7.5 | EPSS score: 0.005 | Published: 2021-04-06
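The two information-disclosure entries above (an issue subject reachable through the time-entry CSV export, and private project names reachable through project_id journal details) are the same mistake: a record the user may see is joined to one they may not, and the joined record's fields are rendered without re-checking visibility. The following added Ruby example uses a constructed in-memory model that is not Redmine's schema, with hypothetical names, to show the visibility check applied at the point where the related record is rendered rather than only where the listing is queried.

```ruby
require 'csv'
require 'set'

# Constructed model for illustration (hypothetical names, not Redmine's schema).
Project   = Struct.new(:id, :name, :public)
Issue     = Struct.new(:id, :project_id, :subject, :private, :author)
TimeEntry = Struct.new(:id, :issue_id, :hours, :comment)
Detail    = Struct.new(:prop_key, :old_value, :value)   # one journal detail row
Viewer    = Struct.new(:name, :member_of)               # member_of: Set of project ids

def project_visible?(viewer, project)
  project.public || viewer.member_of.include?(project.id)
end

def issue_visible?(viewer, issue, projects)
  project_visible?(viewer, projects.fetch(issue.project_id)) &&
    (!issue.private || issue.author == viewer.name)
end

# The time entry may be listed, but the linked issue's subject is shown only
# after checking the issue itself, not the row the export started from.
def export_time_entries_csv(viewer, entries, issues, projects)
  CSV.generate do |csv|
    csv << %w[id issue hours comment subject]
    entries.each do |e|
      issue   = issues.fetch(e.issue_id)
      subject = issue_visible?(viewer, issue, projects) ? issue.subject : ''
      csv << [e.id, e.issue_id, e.hours, e.comment, subject]
    end
  end
end

# Resolving a project id to a name is where a private name would leak.
def project_label(viewer, projects, id)
  project = projects[id.to_i]
  return '(deleted project)' if project.nil?
  project_visible?(viewer, project) ? project.name : '(private project)'
end

def detail_text(viewer, detail, projects)
  if detail.prop_key == 'project_id'
    from = project_label(viewer, projects, detail.old_value)
    to   = project_label(viewer, projects, detail.value)
    "Project changed from #{from} to #{to}"
  else
    "#{detail.prop_key} changed from #{detail.old_value} to #{detail.value}"
  end
end

# Constructed sample data: a public project holding one private issue, and a
# private project whose name must stay hidden from non-members.
def sample_data
  projects = { 1 => Project.new(1, 'Public Website', true),
               2 => Project.new(2, 'Secret Acquisition', false) }
  issues   = { 10 => Issue.new(10, 1, 'Salary review for bob', true, 'alice'),
               11 => Issue.new(11, 1, 'Fix typo on homepage', false, 'alice') }
  entries  = [TimeEntry.new(100, 10, 2.5, 'review meeting'),
              TimeEntry.new(101, 11, 0.5, 'proofreading')]
  [projects, issues, entries]
end
```

The same pattern applies to any report, export or history view that denormalises a related record: the visibility rule of the related record must be evaluated for the viewer at render time, even when the base record passed the listing's filter.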
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API.
CVSS score: 9.8 | EPSS score: 0.002 | Published: 2021-04-06
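The permission-bypass entry above is the classic second-entry-point bug: the HTML form path enforced add_issue_notes, the REST API path reached the same update without it. The following added Ruby example, with a constructed model and hypothetical names that are not Redmine's code, shows the attribute filter placed where both entry points converge, so the transport cannot decide what a user may change, and reports the attributes it dropped so that probing shows up in logs.

```ruby
require 'json'
require 'set'

# Constructed model (hypothetical names, not Redmine's code).
Actor  = Struct.new(:name, :permissions)          # permissions: Set of symbols
Ticket = Struct.new(:id, :subject, :status, :notes)

# Decide once, by permission, which requested attributes may be applied.
# This runs for every entry point, so an API call gets the same answer as a form post.
def permitted_attributes(actor, attrs)
  permitted = {}
  if actor.permissions.include?(:edit_issues)
    attrs.slice('subject', 'status').each { |k, v| permitted[k] = v }
  end
  if attrs.key?('notes') && actor.permissions.include?(:add_issue_notes)
    permitted['notes'] = attrs['notes']
  end
  permitted
end

def update_ticket(actor, ticket, attrs)
  permitted = permitted_attributes(actor, attrs)
  ticket.subject = permitted['subject'] if permitted.key?('subject')
  ticket.status  = permitted['status']  if permitted.key?('status')
  ticket.notes  << permitted['notes']   if permitted.key?('notes')
  # Return what was dropped: silently ignoring it hides probing from the logs.
  { applied: permitted.keys.sort, rejected: (attrs.keys - permitted.keys).sort }
end

# Two entry points that differ only in how the request is parsed.
def update_via_form(actor, ticket, form_params)
  update_ticket(actor, ticket, form_params)
end

def update_via_api(actor, ticket, json_body)
  update_ticket(actor, ticket, JSON.parse(json_body).fetch('issue'))
end
```

When auditing an application for this bug class, enumerate every route that can reach the same write (HTML form, JSON/XML API, bulk edit, import, mail handler) and confirm each one passes through the same attribute filter; a controller-level check on one route is not a control.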
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.
CVSS score: 5.3 | EPSS score: 0.006 | Published: 2021-04-06
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
CVSS score: 6.1 | EPSS score: 0.125 | Published: 2021-04-06
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EdDSA and ECDSA) cause the elliptic-curve (ECC) point multiplication function to be called with out-of-range scalars, possibly producing incorrect results. This flaw allows an attacker to supply an invalid signature that triggers an assertion failure (a denial of service) or is possibly accepted as valid. The threat is to confidentiality, integrity and availability.
CVSS score: 8.1 | EPSS score: 0.003 | Published: 2021-04-05
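The Nettle entry above concerns a check that belongs at the start of every (EC)DSA verification: the signature scalars r and s must each satisfy 1 <= r, s < n (n the group order) before anything is reduced or passed to point multiplication. The following added Ruby example uses the OpenSSL binding to show that check on its own and to construct a signature whose s lies outside the range (s + n, which is congruent to s modulo n). It is an illustration of the check, not Nettle's code, and the function names are hypothetical.

```ruby
require 'openssl'

# Hypothetical helper names; illustration only, not Nettle's implementation.

# True only when the DER signature is SEQUENCE { INTEGER r, INTEGER s } with
# 1 <= r < n and 1 <= s < n. Anything else is rejected before the scalars can
# reach scalar multiplication, which is where out-of-range values misbehave.
def ecdsa_scalars_in_range?(der_signature, group_order)
  seq = OpenSSL::ASN1.decode(der_signature)
  return false unless seq.is_a?(OpenSSL::ASN1::Sequence) && seq.value.size == 2
  r, s = seq.value.map(&:value)
  return false unless r.is_a?(OpenSSL::BN) && s.is_a?(OpenSSL::BN)
  [r, s].all? { |v| (v <=> 0) == 1 && (v <=> group_order) == -1 }
rescue OpenSSL::ASN1::ASN1Error
  false
end

def verify_with_range_check(ec_key, digest, der_signature)
  return false unless ecdsa_scalars_in_range?(der_signature, ec_key.group.order)
  ec_key.dsa_verify_asn1(digest, der_signature)
end

# Re-encode a valid signature with s replaced by s + n. The value is congruent
# to s, so a verifier that reduces modulo n before (or instead of) range
# checking would treat it as a second valid encoding; a correct verifier
# rejects it outright.
def with_s_plus_order(der_signature, group_order)
  seq = OpenSSL::ASN1.decode(der_signature)
  r, s = seq.value.map(&:value)
  OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(r),
    OpenSSL::ASN1::Integer.new(s + group_order)
  ]).to_der
end

# Constructed demonstration: sign a message, then try the out-of-range variant.
def demo
  key    = OpenSSL::PKey::EC.generate('prime256v1')
  digest = OpenSSL::Digest.digest('SHA256', 'constructed message')
  good   = key.dsa_sign_asn1(digest)
  bad    = with_s_plus_order(good, key.group.order)
  { good: verify_with_range_check(key, digest, good),
    bad:  verify_with_range_check(key, digest, bad) }
end
```

The range check is cheap and is also what makes signatures non-malleable with respect to encoding: a verifier that accepts s + n accepts more than one byte string for the same signature, which matters wherever signature bytes are hashed or used as identifiers.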
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to arbitrary memory reads and writes.
CVSS score: 9.8 | EPSS score: 0.002 | Published: 2021-04-05
Integer overflow in htmldoc 1.9.11 and earlier may allow attackers to execute arbitrary code or cause a denial of service, similar to CVE-2017-9181.
CVSS score: 9.8 | EPSS score: 0.005 | Published: 2021-04-05
Shodan ® - All rights reserved