Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-28 | CVE-2021-31866 | Information Exposure Through Discrepancy vulnerability in multiple products Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController. | 5.3 |
| 2021-04-28 | CVE-2021-31865 | Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. | 5.3 |
| 2021-04-28 | CVE-2021-31864 | Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler. | 5.3 |
| 2021-04-27 | CVE-2019-25031 | Injection vulnerability in multiple products Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. | 5.9 |
| 2021-04-26 | CVE-2021-21218 | Use of Uninitialized Resource vulnerability in multiple products Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 5.5 |
| 2021-04-26 | CVE-2021-21211 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2021-04-26 | CVE-2021-21209 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2021-04-26 | CVE-2021-21219 | Unchecked Return Value vulnerability in multiple products Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 5.5 |
| 2021-04-26 | CVE-2021-21217 | Unchecked Return Value vulnerability in multiple products Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 5.5 |
| 2021-04-26 | CVE-2021-21212 | Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. | 6.5 |