Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-06 CVE-2021-28658 Path Traversal vulnerability in multiple products
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names.
network
low complexity
djangoproject debian fedoraproject CWE-22
5.3
5.3
2021-04-06 CVE-2020-36308 Injection vulnerability in multiple products
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries.
network
low complexity
redmine debian CWE-74
5.3
5.3
2021-04-06 CVE-2020-36307 Cross-site Scripting vulnerability in multiple products
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links.
network
low complexity
redmine debian CWE-79
6.1
6.1
2021-04-06 CVE-2020-36306 Cross-site Scripting vulnerability in multiple products
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field.
network
low complexity
redmine debian CWE-79
6.1
6.1
2021-04-06 CVE-2019-25026 Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
network
low complexity
redmine debian
5.3
5.3
2021-04-06 CVE-2021-30158 Improper Authentication vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-287
5.3
5.3
2021-04-06 CVE-2021-30157 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-79
6.1
6.1
2021-04-06 CVE-2021-30154 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-79
6.1
6.1
2021-04-06 CVE-2021-30151 Cross-site Scripting vulnerability in multiple products
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.
network
low complexity
contribsys debian CWE-79
6.1
6.1
2021-04-02 CVE-2020-10001 Improper Input Validation vulnerability in multiple products
An input validation issue was addressed with improved memory handling.
local
low complexity
apple debian CWE-20
5.5
5.5