Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-09 | CVE-2021-30155 | Missing Authorization vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | 4.3 |
| 2021-04-09 | CVE-2021-30152 | Improper Privilege Management vulnerability in multiple products An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. | 4.3 |
| 2021-04-08 | CVE-2021-3482 | Out-of-bounds Write vulnerability in multiple products A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. | 6.5 |
| 2021-04-08 | CVE-2021-1405 | Missing Initialization of Resource vulnerability in multiple products A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. | 5.0 |
| 2021-04-06 | CVE-2021-28658 | Path Traversal vulnerability in multiple products In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. | 5.3 |
| 2021-04-06 | CVE-2021-30163 | Information Exposure vulnerability in multiple products Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. | 5.0 |
| 2021-04-06 | CVE-2020-36308 | Injection vulnerability in multiple products Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. | 5.0 |
| 2021-04-06 | CVE-2020-36307 | Cross-site Scripting vulnerability in multiple products Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. | 4.3 |
| 2021-04-06 | CVE-2020-36306 | Cross-site Scripting vulnerability in multiple products Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. | 4.3 |
| 2021-04-06 | CVE-2019-25026 | Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. | 5.0 |